In the context of online security, User Authentication is of high importance. It is the process of confirming or verifying identity of a user over the internet. This process determines whether the individual is who he claims to be or not. For authenticating a user, the login credentials entered are compared to those on file in a database of authorized users’ information within an authentication server. If the credentials match, then the process is completed and the user is considered as an authentic user. Availability, Integrity, Authentication, Confidentiality and Non-repudiation are the five pillars of IA (Information Assurance).
Authenticating the users through the combination of just usernames and passwords is known as password-based authentication process. In this form of authentication, authenticity of the users is checked based only on the login credentials entered by them. There is no other factor involved to verify identity of the user. The passwords can be easily compromised by the hackers or intruders using the advanced hacking techniques, therefore password-based authentication is not considered to provide adequately strong security to the online accounts, sensitive data and information.
The following factors are used for authenticating the users online:
Knowledge factors (something you know) – username, password, PIN, a security question. It is known as 1FA (One Factor Authentication).
Possession factors (something you have) – credit & a debit card, mobile phone. The combination of ‘something you know’ and ‘something you have’ forms 2FA (Two Factor Authentication) or Two Step Verification.
Inherence factors (something you are) – biometrics of the user such as iris, retina, face scan, voice recognition, fingerprint. The combination of ‘something you know’, ‘something you have’ and ‘something you are’ forms 3FA (Three Factor Authentication).
Time and Location factors – user location and current time are considered the fourth factor and fifth factor for authenticating a user.
2FA (Two Factor Authentication) and 3FA (Three Factor Authentication) are becoming common. 4FA and 5FA systems are used in some extremely high-security installations. The use of multiple factors increases security. It is because an attacker can’t access all the elements required in the authentication process. Each additional factor increases the security of the system and decreases the likelihood that it could be breached or compromised.