Definition
An authentication mechanism is a
"hardware or software-based mechanism that forces users to prove their identity before accessing data on a device."[1]
Overview
Authentication mechanisms may include:
- User name, password and Personal Identification Number (PIN): typically a non-confidential name paired with a confidential password or number, shared between a person and a system; these may be used alone or together to grant specified access rights to the system.
- Known Facts: Information stored by a service provider or organization to authenticate an individual seeking access to a service, such as current address.
- Shared Secrets: A piece of pre-agreed information such as a password or phrase or Questions and Answers, that is only known to the parties involved in a secure communication, such as between an individual and a service provider.
- Smart cards: A card containing a microchip which is capable of storing information.
"Reliable authentication mechanisms are critical to the security of any automated information system. If the identity of legitimate users can be verified with an acceptable degree of accuracy, those attempting to gain access without proper authorization can be denied permission to use the system. When a legitimate user's identity is verified, access control techniques are applied to mediate that user's access to system resources. If a computer system cannot verify the identity of users and other computers, the system will not be able to protect itself against unauthorized access."[2]
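The following is an added illustration, not code from the page or from the NIST or FIPS documents it cites. It shows a minimal software authentication mechanism of the kind listed above (user name plus confidential password and PIN, i.e. shared secrets), and then the step the FIPS 191 passage describes: once identity is verified, an access-control check mediates access to a resource. The verifier stores only salted, iterated hashes of the secrets, compares them in constant time, locks the account after repeated failures, and does equal work for unknown user names. The iteration count, lockout threshold, user records and access-control list are all constructed values chosen for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; assumed value for this example


def _derive(secret: str, salt: bytes) -> bytes:
    """Salted, iterated hash of a confidential factor (password or PIN)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


class AuthenticationMechanism:
    """User directory keyed by the non-confidential user name.

    Each record holds per-factor salts and derived hashes only; the
    password and PIN themselves are never stored.
    """

    def __init__(self, max_failures: int = 3):
        self._users = {}
        self._failures = {}
        self._max_failures = max_failures

    def enroll(self, username: str, password: str, pin: str) -> None:
        pw_salt, pin_salt = os.urandom(16), os.urandom(16)
        self._users[username] = {
            "pw_salt": pw_salt,
            "pw_hash": _derive(password, pw_salt),
            "pin_salt": pin_salt,
            "pin_hash": _derive(pin, pin_salt),
        }
        self._failures[username] = 0

    def authenticate(self, username: str, password: str, pin: str) -> bool:
        """Return True only if both confidential factors match the record."""
        record = self._users.get(username)
        if record is None:
            # Same amount of work for an unknown user, so response time
            # does not reveal which user names exist.
            _derive(password, b"\x00" * 16)
            return False
        if self._failures[username] >= self._max_failures:
            return False  # locked out after repeated failures
        pw_ok = hmac.compare_digest(_derive(password, record["pw_salt"]), record["pw_hash"])
        pin_ok = hmac.compare_digest(_derive(pin, record["pin_salt"]), record["pin_hash"])
        if pw_ok and pin_ok:
            self._failures[username] = 0
            return True
        self._failures[username] += 1
        return False


# Constructed access-control list: which resources each verified identity may read.
ACL = {
    "alice": {"payroll.csv", "notes.txt"},
    "bob": {"notes.txt"},
}


def access_data(mech: AuthenticationMechanism, username: str, password: str,
                pin: str, resource: str) -> str:
    """Authentication first, then access control mediates the request."""
    if not mech.authenticate(username, password, pin):
        return "denied: identity not verified"
    if resource not in ACL.get(username, set()):
        return "denied: not authorized for resource"
    return f"granted: {resource}"


if __name__ == "__main__":
    mech = AuthenticationMechanism()
    mech.enroll("alice", "correct horse battery staple", "4821")
    print(access_data(mech, "alice", "correct horse battery staple", "4821", "payroll.csv"))
    print(access_data(mech, "alice", "correct horse battery staple", "0000", "payroll.csv"))
```

Note that the lockout counter applies even to a subsequently correct password and PIN, which is the intended failure mode: an attacker guessing the PIN gets a bounded number of attempts, at the cost of a legitimate user needing an out-of-band reset once locked.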
References
- [1] NIST Special Publication 800-72, at 57.
- [2] FIPS 191.