Definition: Authentication is an access control technique or combination of techniques that verify the identity of an individual who is attempting to gain admittance into an information system. Organizational security policies should address how identity is verified. There are three main methods to provide the assurance of the identity of an authorized user. They are: something that the user knows (i.e. password), something that the user possess (i.e a token) or something that the individual "is" (i.e. biometrics). Access to the computer or the network is denied if attempts to verify identity fail. Authorization, on the other hand refers to privileges.

Its Relevance: Providing information assurance is impossible without a robust mechanism that can reliably identify the person or system that is attempting to gain access. Verifying the legitimacy of a request sign-on to a computer or network is a necessary, first-line defense and must be a part of an information security policy and plan.

Return from "Authentication" to Words [A - C]