In the previous chapter we’ve learned what authentication is. In this chapter, we provide basic knowledge about how authentication can be done or what are the authentication types.
There are multiple ways in which users can be authenticated. All authentication types can be divided into three groups.
Something the user knows
When authenticating the user must provide or enter something only he knows. This can be a password, pin number, passphrase … All authentication types, that require the user to enter something that he must recall from his memory, fall into this group.
Something the user has
This type of authentication expects a user to use some form of physical objects. This can be a USB key, smartphone, smart card, a token device, etc. In some situations, it is enough just to possess an object in other cases this object provides extra information that the user must retype into some web authentication form.
Something the user is
When this type of authentication is used, the user must use a part of its body in the authentication process. This can include fingerprint, retina or palm scanning, voice verification, or face recognition.
Forms of authentication most used
Today the most used authentication methods are:
- password authentication – for web-based applications this is still the most popular form of authentication
- fingerprint scanning – newer smartphones and laptops provide this type of authentication, so this is becoming more and more popular as it is easy to use
- multi-factor authentication – this type of authentication expect the user to use more methods – typical the user first provides user name and password and then add a code that is sent to him over mail or SMS
Average user spends
hours entering/resetting passwords.
of users prefer password less based authentication methods.
reuse an everage five password across personal and business accounts