Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
Authentication | Ping Identity
Identity Fundamentals
What is Identity and Access Management (IAM)?
Identity Providers and Service Providers
Centralized Identity Management
What is Centralized Identity Management?
How Does Centralized Identity Management Work?
Centralized Identity Standards
SAML
OAuth
OpenID Connect (OIDC)
Decentralized Identity Management
What is Decentralized Identity Management?
How Does Decentralized Identity Management Work?
How is Decentralized Identity Different?
Decentralized Identity Standards
Common Terms
Zero Trust Security
Orchestration
Authentication
Single-factor, Two-factor, and Multi-factor Authentication
Passwordless Authentication
FIDO (Fast Identity Online)
Risk-based Authentication
Certificate-based Authentication
Token-based Authentication
Single Sign-On (SSO)
Federated Identity Management
Continuous Authentication
CHAP Authentication
Authorization
Authorization Methods
User and Account Provisioning
Single Sign-on with a Directory
Dynamic Authorization
Protocols
LDAP
SCIM
WebAuthn
Kerberos
WS-Trust
What Is B2B Identity and Access Management (B2B IAM)
Agentic AI
Key IAM Considerations to Support Agentic AI
AI Agent Classes and Use Cases
IAM Best Practices for AI Agents
Reference Implementations and Patterns
Expand All | Collapse All

Authentication

 

Authentication is the process of determining whether someone, or something, is who or what they say they are. The ways in which users prove their identities often depends on the sensitivity of the data and digital resources involved. Verifiable information falls into three different categories:
 

  • Knowledge factors: This category includes things that you know. Users attempting to prove their identities should know this information, including:
     

    • Passwords

    • One-time passcodes (OTPs)

    • Answers to security questions

    • Personal identification numbers (PINs)

Pros: Can be easily implemented

Cons: Can be forgotten or stolen
 

  • Possession factors: This category includes things that you have. Users attempting to prove their identities should possess the required item. The way these types of factors work depend on the item and can include:

    • Key fobs

    • Mobile devices

    • Smart cards

    • Hardware tokens

Pros: Most are hard to steal remotely

Cons: Need alternative if its broken or lost
 

  • Inherence factors: This category includes things that you are. Users attempting to prove their identities should have these physical or behavioral characteristics, which might include: 

    • Fingerprints

    • Retinal patterns

    • Voice recognition 

    • Face recognition 

    • Handwritten signatures 

Pros: Can’t be forgotten

Cons: Dependent on a device if tied to one
 

IMGDiaPlatformKnowHaveAre1082x1082svg


There are a variety of methods and technologies available to authenticate users. The goal is to strike the right balance between keeping sensitive information secure, while making it possible for users to access their sensitive information on their devices without having to jump through unnecessary hoops.
 

The most well-known authentication methods are single-factor (SFA), two-factor (2FA),multi-factor authentication (MFA), passwordless authentication, and risk-based authentication. These methods use either certificate-based or token-based authentication processes behind the scenes. Explore the differences between these authentication methods and processes, and learn how SSO authentication works in federated identity management situations.
 

  • Single-factor, Two-factor, and Multi-factor Authentication: Learn how these methods differ and how they work.

  • Passwordless Authentication: Learn about the passwordless authentication methods available, how they work, and how they can be used and combined to protect digital resources.

  • Risk-based Authentication: With risk-based authentication, users are verified as they sign on and are scored against a set of policies that grant or deny access to digital resources based on the perceived risk. Learn how it works and how risk policies are designed.

  • Certificate-based Authentication: With certificate-based authentication, digital certificates are used to prove users’ identities by confirming ownership of a private key. Learn how this type of authentication works and how it’s used for SSO.

  • Token-based Authentication: With token-based authentication, users are verified and granted a token that allows them to access specific resources for a limited period of time. Learn how this type of authentication works and when it is used.

  • Single Sign-On (SSO): SSO allows users to sign on to all of their applications and services with one set of credentials. Learn how it works in both SP-initiated federated SSO processes and IdP-initiated federated SSO processes.

Related Resources

Capability

Authentication Authority

   

Blog

What is the Difference between Identification, Identity Verification and Authentication?

   

Blog

Authentication vs Authorization: What You Need to Know

   

Start Today

Contact Sales

sales@pingidentity.com

See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.