Authentication is the process of determining whether someone, or something, is who or what they say they are. The ways in which users prove their identities often depend on the sensitivity of the data and digital resources involved. Verifiable information falls into three different categories:
Knowledge factors: This category includes things that you know. Users attempting to prove their identities should know this information, including:
One-time passcodes (OTPs)
Answers to security questions
Personal identification numbers (PINs)
Pros: Can be easily implemented
Cons: Can be forgotten or stolen
Possession factors: This category includes things that you have. Users attempting to prove their identities should possess the required item. The way these types of factors work depends on the item and can include:
Pros: Most are hard to steal remotely
Cons: Need an alternative if it's broken or lost
Inherence factors: This category includes things that you are. Users attempting to prove their identities should have these physical or behavioral characteristics, which might include:
Pros: Can’t be forgotten
Cons: Dependent on a device if tied to one
There are a variety of methods and technologies available to authenticate users. The goal is to strike the right balance between keeping sensitive information secure and making it possible for users to access that information on their devices without having to jump through unnecessary hoops.
The most well-known authentication methods are single-factor authentication (SFA), two-factor authentication (2FA), multi-factor authentication (MFA), passwordless authentication, and risk-based authentication. These methods use either certificate-based or token-based authentication processes behind the scenes. Explore the differences between these authentication methods and processes, and learn how SSO authentication works in federated identity management situations.
Passwordless Authentication: Learn about the passwordless authentication methods available, how they work, and how they can be used and combined to protect digital resources.
Risk-based Authentication: With risk-based authentication, users are verified as they sign on and are scored against a set of policies that grant or deny access to digital resources based on the perceived risk. Learn how it works and how risk policies are designed.
Certificate-based Authentication: With certificate-based authentication, digital certificates are used to prove users’ identities by confirming ownership of a private key. Learn how this type of authentication works and how it’s used for SSO.
Token-based Authentication: With token-based authentication, users are verified and granted a token that allows them to access specific resources for a limited period of time. Learn how this type of authentication works and when it is used.
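To show what "a token that allows access to specific resources for a limited period of time" means in practice, here is an added example (not code from this page or any particular product) of issuing and checking an HMAC-signed token with an expiry and a scope list; the signing key, the scope names and the timestamps are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side signing key for this example only; a real deployment
# loads it from a key store and never ships it in source.
SECRET = b"example-signing-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, scopes: list, ttl: int, now: int) -> str:
    """Issue a token granting `scopes` to `user`, valid for `ttl` seconds from `now`."""
    claims = {"sub": user, "scope": scopes, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    tag = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_token(token: str, required_scope: str, now: int) -> Optional[dict]:
    """Return the claims if the token is authentic, unexpired and covers
    `required_scope`; otherwise return None (the resource server denies access)."""
    try:
        body, tag = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    # Constant-time comparison so a forged tag leaks nothing through timing.
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        return None  # limited lifetime: an expired token is rejected
    if required_scope not in claims["scope"]:
        return None  # specific resources only: scope must match the request
    return claims
```

The signature check runs before the claims are parsed, so a tampered body or expiry is rejected without ever being trusted.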
Single Sign-On (SSO): SSO allows users to sign on to all of their applications and services with one set of credentials. Learn how it works in both SP-initiated federated SSO processes and IdP-initiated federated SSO processes.