Introduction Authentication

Notes

• This is chapter 2 from Pfleeger
• Identification is the act of asserting who a person is.
• Authentication is the act of proving that the asserted identity, that the person is who she says she is.
• Usually identification is public
  • Your name
  • Your username
• Sometimes identification should be private
  • Your bank account number
  • Your student identification number
  • Your social security number
• Your authentication factors must be private
  • Password
  • passkey
  • Fingerprint/pin on your phone
• Your authentication factors can be
  • Something the person knows (pin, password, passphrase, ...)
  • Something the person is (fingerprint, voice, face, ...)
  • Something the person has (phone, badge, key, ...)
• Multifactor authentication employs two or more verification factors.
  • Log in with a password, then answer with a text sent to your phone
• The purpose of the identify and authentication factors is authentication.
• These are definitely vulnerabilities
  • The book has two stories of how security questions can be vulnerable and exploited.
• We will examine passwords in the next few sections.