Simplifying Information Security: Authentication

Authentication is the process of validating an identity. This is how a platform or service knows it is you. There are three basic types of authentication mechanisms. These are:

Type 1: Something you know

Type 2: Something you have

Type 3: Something you are

Let’s take a look at these in a little more depth.

Type 1 authentication is the simplest to implement. The subject is given a challenge and responds with something unique and specific that only the subject knows. The most common example is a password. Although it is one of the most common, Type 1 authentication is considered to be the weakest.

Type 2 authentication requires a subject to possess something for authentication. Common examples are smart cards and static and dynamic tokens. Mobile-based tokens are also considered part of Type 2 authentication.

Type 3 authentication mainly consists of biometrics, which is something you are. There are numerous types of biometric controls, such as fingerprints, retina scans, iris scans, hand geometry, facial scans and many other mechanisms that authenticate something you are.

Fingerprints are the most widely used biometric authentication mechanism. The data stored for a fingerprint is a mathematical representation of its minutiae, which are the specific details of the ridges, loops and other particulars of the fingerprint. It is widely used for physical access authentication. Fingerprint authentication gives false rejections if cuts or sores appear on the finger. Another challenge is that the pattern can become indistinct with age.

A retina scan analyses the blood vessels at the back of the eye. While the retina scan is one of the most accurate, it isn’t allowed in many countries as it uses a laser scan and reveals privileged health information. This method can also be affected by pregnancy, diabetes, and other diseases of the eye.

Iris scans, on the other hand, only use patterns of the coloured part of the eye. Of the biometric systems, iris scans are the most precise. The iris remains constant through adulthood, which reduces the type of errors during the authentication process.

Hand geometry reads the shape of a person’s hand, including the length and width of the hand and fingers. Facial scanning is becoming increasingly popular with the new series of laptops and other mobile devices.

This system scans a person’s face for different facial features such as bone structures, nose ridges, eye widths, forehead sizes, and chin shapes. Apple’s Face ID uses this technology for authentication.

Voice recognition compares a spoken phrase by a person to a registered phrase previously spoken by the same person. This method is used in combination with other factors for authentication.

For added security, authentication can combine multiple factors from Types 1, 2 and 3. This process is known as 2-factor authentication. For example, ATMs use both a debit card and a PIN, which is a combination of something you have and something you know. Or your email may ask you for a password and then send a unique code to your phone via text message. It won’t accept your credentials until both conditions are met.
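The email example above, sketched as an added example that is not code from the original post: a login that succeeds only when both the password (Type 1) and a one-time code sent to the phone (Type 2) check out. The class name `TwoFactorLogin`, the 5-minute code lifetime and the PBKDF2 settings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

def hash_password(password, salt):
    # The Type 1 secret is stored only as a salted, deliberately slow hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:  # hypothetical name, one account per instance
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.pending = None  # (code, expiry) of the code sent to the phone

    def start(self, password, now=None):
        """Factor 1: check the password; on success issue a one-time code."""
        now = time.time() if now is None else now
        candidate = hash_password(password, self.salt)
        if not hmac.compare_digest(candidate, self.pw_hash):
            return None  # no code is ever sent for a wrong password
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (code, now + CODE_TTL)
        return code  # a real service would text this instead of returning it

    def finish(self, code, now=None):
        """Factor 2: accept only an unexpired code, and only once."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False  # password step was never passed
        expected, expiry = self.pending
        self.pending = None  # any attempt burns the code, limiting guesses
        return now <= expiry and hmac.compare_digest(
            code.encode(), expected.encode())
```

The `now` parameter exists only so the expiry check can be exercised with fixed timestamps.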

I hope this video helps you understand the different authentication mechanisms used. What are some loopholes you have come across, and what measures do you think help to plug those vulnerabilities? Share in the comments below.