Identity authentication

In recent days, Saigon has begun to have the early-season rains. They caused the lock on my house's gate to rust and become difficult to open. After fixing this by applying oil to lubricate the lock, I suddenly thought about the number of authentication mechanisms used in an information technology system.

Therefore, I have summarized the authentication mechanisms based on my knowledge and experience for the purpose of refreshing my understanding and for future reference.

Please correct me if anything is wrong!!!

What is authentication and why do we need it?

Authentication is the process of verifying the identity of an individual, device, or entity seeking access to a system, application, or resource. It is essential for information security and access control, ensuring that only authorized individuals or entities gain access to systems, applications, or data.

This protection helps guard against unauthorized access, data breaches, and misuse of resources, thereby upholding the confidentiality, integrity, and availability of sensitive information and systems.

Authentication types

  1. Single-factor authentication.
  2. Multi-factor authentication (MFA).
  3. Adaptive authentication.
  4. Biometric authentication.
  5. Token-based authentication.
  6. Certificate-based authentication.

Authentication categories

  1. Knowledge-based authentication
  2. Possession-based authentication
  3. Proximity-based authentication
  4. Biometric authentication
  5. Others

Knowledge-based authentication

  • Personal Identification Number (PIN code)
  • Password-based authentication: username/password, or HTTP Basic authentication.
  • Security question based authentication

Possession-based authentication

  • Physical tokens: smart cards, USB tokens.
  • Mobile device authentication: push notification, app-based authenticator, QR code scanning.
  • One Time Password (OTP)
  • Radio frequency identification (RFID)
  • Near field communication (NFC)

Biometric authentication

  • Fingerprint reader
  • Face recognition

Proximity-based authentication

  • Bluetooth Low Energy (BLE)
  • Near field communication (NFC)

Others

  • Single Sign On (SSO)
  • OAuth (strictly an authorization framework; when it is used for login, authentication is layered on top of it via OpenID Connect)

Single-factor authentication

Is a method used to verify an individual's identity using only one type of credential or verification factor.

Pros:

  • Simplicity.
  • Cost effective.

Cons:

  • Less secure compared to MFA.
  • May not meet compliance requirements.
  • Limited protection.
  • Vulnerable to attack: one guessed, phished, or leaked credential is enough to get in.

Multi-factor authentication (MFA)

Is a multi-step login that requires the user to present two or more independent factors (something you know, something you have, something you are), not just a password. Two passwords are not MFA; a password plus a one-time code is. Eg: 2FA.

Pros:

  • Helps prevent unauthorized access when the password has been compromised.
  • Enhanced Security.
  • Compliance.
  • User Confidence.

Cons:

  • Complexity
  • Cost.
  • User Experience.
  • Dependency on External Factors: need mobile or hardware, potential points of failure.

Adaptive authentication

Is a method that assesses the risk associated with a specific access attempt and adjusts the level of authentication required based on that risk. It considers various factors such as user behavior, location, time of access, and the sensitivity of the resources being accessed.

Pros:

  • Enhanced Security.
  • Improved User Experience.
  • Risk Mitigation.
  • Compliance.

Cons:

  • Complexity.
  • False Positives.
  • Resource Intensive.
  • Dependency on Data Accuracy.
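
The following is an added example (not code from the original article) of the kind of rule-based risk engine adaptive authentication relies on: it scores a login attempt from the signals listed above (known device, location change, time of day, resource sensitivity) and maps the score to allow / step-up / deny. The thresholds, weights, 900 km/h "impossible travel" limit, and the sample user data are all assumptions made up for the demo.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample data: one user whose known laptop was last seen in Saigon.
T0 = 1_700_000_000                     # Unix time of the previous login (UTC)
SAIGON = (10.8231, 106.6297)
LONDON = (51.5074, -0.1278)

MAX_PLAUSIBLE_KMH = 900.0  # assumed: faster than an airliner cannot be the same person
SENSITIVITY_WEIGHT = {"low": 0, "medium": 10, "high": 20}   # assumed weights


@dataclass
class LoginAttempt:
    user: str
    device_id: str
    lat: float
    lon: float
    ts: int            # Unix time of this attempt, seconds


@dataclass
class UserHistory:
    known_devices: Set[str]
    last: Optional[LoginAttempt]


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def risk_score(attempt: LoginAttempt, history: UserHistory,
               sensitivity: str) -> Tuple[int, List[str]]:
    """Combine behaviour, location, time and resource sensitivity into one
    score, and return the reasons so the decision can be explained."""
    score, reasons = 0, []

    if attempt.device_id not in history.known_devices:
        score += 30
        reasons.append("unknown device")

    if history.last is not None:
        km = haversine_km(history.last.lat, history.last.lon, attempt.lat, attempt.lon)
        hours = max(attempt.ts - history.last.ts, 1) / 3600.0
        if km / hours > MAX_PLAUSIBLE_KMH:
            score += 60
            reasons.append("impossible travel")

    # Time-of-day signal. Uses the UTC hour for simplicity; a real deployment
    # would use the user's usual timezone and working pattern.
    if (attempt.ts // 3600) % 24 < 6:
        score += 10
        reasons.append("off-hours")

    score += SENSITIVITY_WEIGHT[sensitivity]
    return score, reasons


def decide(score: int) -> str:
    """Map the score to the level of authentication demanded."""
    if score >= 70:
        return "deny"
    if score >= 30:
        return "step_up_mfa"
    return "allow"
```

The "impossible travel" rule is where the false-positive and data-accuracy cons above bite: if the location comes from IP geolocation and the user switches to a VPN exit in another country, the engine will see a 10,000 km jump in an hour and deny a legitimate login, so such rules are usually tuned to trigger step-up rather than a hard deny.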

Biometric authentication

Uses unique biological characteristics, such as fingerprints, facial features, iris patterns, or voice, to verify an individual's identity.

Pros:

  • Strong security.
  • Convenience.
  • Non-Transferable.
  • Accurate identification.

Cons:

  • Privacy concerns.
  • Technical limitations.
  • Cost and complexity.
  • Physical changes (injury, ageing) can cause false rejections.
  • Cannot be revoked: a leaked fingerprint or face template cannot be changed the way a password can.

Use cases:

  • Mobile devices: unlock screens, authorize transactions, ...
  • Border Control and Immigration
  • Law enforcement
  • Financial services

Token-based authentication

Is a method where a unique token, such as a physical or digital key, is used to grant access to a system or application. These tokens can be in the form of physical smart cards, key fobs, or digital tokens generated by authentication apps.

Pros:

  • Enhanced security.
  • Reduced dependency on passwords.
  • Commonly used as an additional factor in MFA.
  • Flexibility.

Cons:

  • Costly, especially for physical tokens such as smart cards.
  • Risk of loss or theft.
  • Complexity.
  • Resource-intensive, especially in large organizations.

Use cases:

  • Secure Access Control: building, data center.
  • Financial transactions.
  • Cloud services.

Certificate-based authentication

Involves the use of digital certificates to verify the identity of users, devices, or services seeking access to a system or network. These certificates are issued by a trusted authority and are used to establish secure connections and authenticate digital identities.

Pros:

  • Strong security: it leverages cryptographic keys and digital signatures to verify the identity of users and devices.
  • Mutual authentication: allowing both the client and the server to validate each other's identities, enhancing overall security.
  • Non-Repudiation: Digital certificates provide non-repudiation, ensuring that a user or entity cannot deny the authenticity of a message or transaction.
  • Scalability: well-suited for large-scale deployments.

Cons:

  • Complexity: key management, certificate lifecycle management.
  • Cost.

Use cases:

  • HTTPS (server certificates; client certificates for mutual TLS).
  • VPN.

Personal Identification Number (PIN code)

Is a numeric password (4-6 digits) used to authenticate the identity of a user.

Commonly used in conjunction with another authentication factor, such as a physical card.

Pros:

  • Low cost.
  • Ease of use.
  • Users can choose their own PIN code.

Cons:

  • Brute force: a 4-digit PIN has only 10,000 possibilities, so it must be combined with attempt limits or lockout.
  • Can be stolen, intercepted, or observed (shoulder surfing).
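
To make the brute-force point concrete, here is an added example (not from the original article) of a PIN verifier that stores the PIN as a salted hash and locks after a number of consecutive failures, next to an attacker loop that simply tries 0000 to 9999. The lockout threshold, the low PBKDF2 iteration count (kept small so the demo runs in under a second), and the sample PIN are assumptions for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

PIN_LENGTH = 4
HASH_ITERATIONS = 2_000   # deliberately low for the demo; use far more in production


class PinVerifier:
    """Stores the PIN as a salted PBKDF2 hash and, optionally, locks after
    `max_attempts` consecutive failures. Illustrative code, not any product's."""

    def __init__(self, pin: str, max_attempts: Optional[int] = 5):
        if not (pin.isdigit() and len(pin) == PIN_LENGTH):
            raise ValueError(f"PIN must be exactly {PIN_LENGTH} digits")
        self.salt = os.urandom(16)
        self.digest = self._hash(pin)
        self.max_attempts = max_attempts
        self.failures = 0      # consecutive failures
        self.attempts = 0      # guesses that were actually checked
        self.locked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, HASH_ITERATIONS)

    def verify(self, pin: str) -> bool:
        if self.locked:
            return False                        # even the right PIN is refused
        self.attempts += 1
        if hmac.compare_digest(self._hash(pin), self.digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.max_attempts is not None and self.failures >= self.max_attempts:
            self.locked = True
        return False


def brute_force(verifier: PinVerifier) -> Optional[str]:
    """Attacker's view: try 0000..9999 in order until one is accepted."""
    for n in range(10 ** PIN_LENGTH):
        guess = f"{n:0{PIN_LENGTH}d}"
        if verifier.verify(guess):
            return guess
    return None
```

Without a limit the loop recovers the sample PIN 0420 on its 421st guess; with `max_attempts=5` it is stopped after five, and the account then has to be unlocked out of band. Hashing the PIN does not change this picture, which is why the lockout (or a hardware counter on a smart card) is the real defence for such a small keyspace.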

Username / password

Pros:

  • Simple.
  • Flexible.

Cons:

  • Easily forgotten, shared, or stolen.
  • Weak or reused passwords.
  • Social engineering.
  • Effort required to enforce password policies.

Basic authentication

Is a simple authentication scheme built into the HTTP protocol. The client sends the user ID and password, joined by a colon and base64-encoded, in the Authorization header of every request.

Pros:

  • Simple.
  • No session management.
  • Widely supported across various platform and technologies

Cons:

  • Credentials are only base64-encoded, not encrypted, so anyone who can read the request can decode them; it must only be used over HTTPS.
  • Credentials are resent with every request, and there is no logout mechanism.
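
As an added example (not from the original article), the block below builds a Basic header the way a client does, decodes it without any key to show that base64 is not protection, and then verifies it the way a server should: against a salted hash with a constant-time comparison. The user "alice"/"s3cr3t" and the in-memory user store are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: only salted hashes are kept, never the password.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("s3cr3t", _SALT))}


def build_basic_header(user: str, password: str) -> str:
    """What a client sends: 'Basic ' + base64(user ':' password) (RFC 7617)."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(header: str) -> Optional[Tuple[str, str]]:
    """Recover user and password from the header. No key is needed: base64 is
    an encoding, so anyone who sees the request without TLS has the password."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # Split on the first ':' only: the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def authenticate(header: str) -> bool:
    """Server side: decode, look up the user, compare hashes in constant time."""
    parsed = parse_basic_header(header)
    if parsed is None:
        return False
    user, password = parsed
    salt, stored = USERS.get(user, (b"", b""))
    # Hash even for unknown users so response time does not reveal valid usernames.
    candidate = _hash_password(password, salt or b"\x00" * 16)
    return bool(stored) and hmac.compare_digest(candidate, stored)
```

The header for alice is `Basic YWxpY2U6czNjcjN0`, and `parse_basic_header` turns it straight back into `alice:s3cr3t`; the only thing standing between a network observer and that password is TLS.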

Security question based authentication

Involves users selecting or setting up a series of questions and providing answers during the account creation process.

Pros:

  • User-Friendly.
  • Adds an extra layer of authentication when combined with other methods.

Cons:

  • Weak security: answers are often guessable or discoverable from social media and social engineering.
  • Forgettable Answers.
  • Privacy Concerns.

Use cases:

  • Online account password recovery.
  • Financial services.

QR code scanning

Pros:

  • Offers a balance of convenience and security.
  • Reduces errors associated with manual input of authentication credentials.

Cons:

  • Dependency on Devices.
  • QR codes may have limitations in the amount of data they can effectively contain.
  • Can be intercepted, replayed, or replaced with an attacker's code.

Use cases:

  • Can be used as part of MFA.
  • Gain access to a system, or physical locations.

One Time Password (OTP)

Is a unique code or password that is only valid for a single login session or transaction.

Generally used as a second factor in MFA.

OTP can be sent via:

  • SMS.
  • Email.
  • Authentication apps.
  • Hardware tokens.

Pros:

  • Adds an additional layer of security.
  • Can be generated and delivered quickly through various channels.
  • Reduced exposure: a captured code expires, so static or weak passwords and key-logging do not give an attacker lasting access.

Cons:

  • Cost and Complexity.
  • Dependency on Delivery Methods.
  • Device Dependency.
  • Phishing risks: a code relayed in real time through a phishing site is still valid within its time window, and SMS codes can be intercepted by SIM swapping.

Radio frequency identification (RFID)

Is a technology that uses radio waves to identify and track objects.

Pros:

  • Enables rapid and automated identification and tracking of items, reducing the need for manual scanning and data entry.
  • RFID tags are durable and can be used in various environments.
  • Allow quick and efficient reading of tags in bulk.

Cons:

  • Cost.
  • Interference.
  • Lack of universal standards.

Use cases:

  • Used for tracking inventory in retail, manufacturing, and logistics operations.
  • Provides real-time visibility into the movement of goods throughout the supply chain.
  • Used in access control systems for buildings, parking lots, and restricted areas.

Near field communication (NFC)

Is a short-range wireless communication technology that allows devices to communicate when they are in close proximity, typically within a few centimeters of each other.

Pros:

  • Contactless transactions.
  • Device pairing and Data exchange.
  • Widely available in many smartphones and is supported by a variety of applications and services.

Cons:

  • Limited range.
  • Both devices involved in an NFC transaction must have NFC capabilities, limiting universal compatibility.
  • Potential for interference

Use cases:

  • Contactless transactions, data exchange, and device pairing.
  • Grant access to a system or location.

Fingerprint reader

Uses a person's unique fingerprint patterns to verify their identity.

Pros:

  • High Security.
  • Convenience.
  • Non-Repudiation.
  • Fingerprint authentication is widely integrated into smartphones, access control systems, and various other devices, offering broad applicability.

Cons:

  • Hardware Dependency
  • Privacy Concerns.
  • Accuracy Limitations.
  • Adoption Challenges.

Use cases:

  • Unlock the Smartphones and Tablets
  • Access Control Systems.
  • Financial Services.
  • Law Enforcement.

Face recognition

Uses an individual's facial features, such as the geometry of the face, to verify their identity.

Pros:

  • Convenience
  • High Accuracy.
  • Face authentication is integrated into smartphones, access control systems, and airport security, among other applications, leading to broad adoption.

Cons:

  • Privacy Concerns.
  • Environmental Factors.
  • Spoofing attacks: photos, video, or masks can fool systems without liveness detection.

Use cases:

  • Unlock the Smartphones and Tablets
  • Access Control Systems.
  • Law Enforcement.
  • Airport Security.
  • Financial Services.

Bluetooth Low Energy (BLE)

Is a wireless communication technology designed for short-range communication between devices.

Pros:

  • Widely supported across various devices.
  • Ideal for scenarios where devices need to communicate over relatively short distances.
  • Low power consumption.

Cons:

  • Limited range.
  • Can be susceptible to interference from other wireless devices operating in the same frequency range.

Use cases:

  • Providing targeted offers to customers based on their location within a store.
  • Asset tracking.

Single Sign On (SSO)

Pros:

  • Enhanced User Experience.
  • Improved security: credentials are handled by one identity provider instead of by every application.
  • Easily manage user access and permission across multiple applications.

Cons:

  • Single point of failure: if the identity provider, or one account on it, is compromised, every connected application is exposed.
  • Some applications or systems may not be compatible with SSO integration.

Use cases:

  • Use SSO to access various enterprise applications, such as email, document management systems, ...
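
To show what the applications in an SSO setup actually trust, here is an added example (not from the original article, and not SAML or OpenID Connect) of a minimal signed ticket: the identity provider signs a small set of claims with an HMAC key, and each application checks the signature, that the ticket was issued for it (the audience), and that it has not expired. The key, claim names, five-minute lifetime and users are all assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed IdP signing key; in practice it lives in a secret store or HSM.
IDP_KEY = secrets.token_bytes(32)
TICKET_TTL = 300   # assumed lifetime in seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_ticket(key: bytes, subject: str, audience: str, now: int) -> str:
    """Identity provider: sign {sub, aud, iat, exp, jti} as body.signature."""
    claims = {
        "sub": subject,
        "aud": audience,           # which application this ticket is for
        "iat": now,
        "exp": now + TICKET_TTL,
        "jti": secrets.token_hex(8),  # unique id, lets the app detect replays
    }
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_ticket(key: bytes, ticket: str, expected_audience: str, now: int) -> Optional[str]:
    """Application: return the subject if the ticket is valid for us, else None."""
    try:
        body, sig = ticket.split(".")
    except ValueError:
        return None
    # Check the signature before trusting anything inside the body.
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(_unb64(body))
    # A ticket issued for the mail app must not open the document system.
    if claims.get("aud") != expected_audience:
        return None
    if now >= claims.get("exp", 0):
        return None
    return claims["sub"]
```

The audience check is the one most often forgotten: without it, any application that receives a ticket can replay it against every other application behind the same identity provider, which turns the "single point of failure" con above from a risk about the provider into a risk about every relying application too.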

Credit to

  • Thanks to ChatGPT for the definitions and for correcting the spelling and grammar :D



