Definition: Authentication is the access control method(s) used to verify the identity of an individual who is attempting to gain access to an information asset. Organizational security policies should exist that address how the identity of users is to be verified. (See www.paladin-information-assurance.com)
There are three main methods of providing assurance of the identity of an authorized user: something that the user knows (e.g. a password), something that the user possesses (e.g. a token), or something that the individual "is" (e.g. biometrics such as a fingerprint reader). Access to the computer or the network is denied if attempts to verify identity fail. Authorization, on the other hand, refers to privileges.
Its Relevance: Providing information assurance is impossible without a robust mechanism that can reliably identify the person or system that is attempting to gain access. Verifying the legitimacy of a request to sign on to a computer or network is a necessary first-line defense and must be a part of an information security policy and plan. Crackers and hackers devote a great deal of effort to defeating the authentication methods used by infrastructure owners.