User authentication is the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.
User authentication is performed in almost all human-to-computer interactions other than guest and automatically logged in accounts. Authentication authorizes human-to-machine interactions on both wired and wireless networks to enable access to networked and Internet connected systems and resources.
Traditionally, user authentication has typically consisted of a simple ID and password combination. Increasingly, however, more authentication factors are added to improve the security of communications.
The main authentication factors are knowledge, possession and inherence:
- Knowledge factors include all things a user must know in order to log in, User names or ID password and pin numbers all fall under this category.
- Possession factors consist of anything a user must have in their possession in order to log in; this category includes one-time password tokens as key fobs or smartphone apps, employee ID cards and SIM card-based mobile phones.
- Inherence factors include any inherent traits the user has that are confirmed for login; this category includes the scope of biometrics: retina scans, iris scans, fingerprint scans, finger vein scans, facial recognition, voice recognition, hand geometry and even earlobe geometry.
User location is sometimes considered a fourth factor for authentication. The ubiquity of smartphones can help ease the burden here: Most smartphones are equipped with GPS, enabling reasonable surety confirmation of the login location. Lower surety measures include the MAC address of the login point or physical presence verifications through cards and other possession factor elements.
The use of at least one-factor of each of these four-factor types is considered four-factor authentication (4FA). Selecting four authentication factors out of two categories is only two-factor authentication (2FA) and, as such, less likely to add significantly to the security of the procedure.
The reliability of authentication is affected not only by the number of factors involved but also the specific technologies and the manner in which they are implemented. Well-designed and appropriately enforced implementation rules can help ensure the security of user authentication.
However, it’s also important not to overburden users with difficult authentication routines, which can lead to non-compliance that undermines the purpose. Multifactor authentication (MFA) with automatic processes can enhance security while minimizing the effort required by the user.