Computer Authentication Methods
Computer authentication methods identify users at various levels of confidence.
Security and antivirus vector icons image by Aleksandr Lukin from Fotolia.com
The goal of computer authentication is to identify the user and to verify that he has access to a computer system. Computer authentication methods have been widespread since the personal computer was developed in the 1970s. Many authentication methods model physical methods that have been in use for centuries, such as identity cards, visual authentication and passwords. Breaches in computer authentication methods or in physical access controls comprise some of the most devastating attacks against information technology systems.
Passwords
Passwords are the most common form of computer-based authentication. Users are prompted for a user identifier, email address or user name and a password, which are checked against a database or ACL (access control list). Once the user is identified, she is given access to certain areas of a system, as stored in an authorization manifest. Websites, wireless networks, single-user machines and email technologies frequently use user names and passwords to authenticate users. Passwords are vulnerable to guessing, brute-force (trying every possible password combination) and theft attacks.
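The following is an added example, not code from the original article: a minimal sketch of checking a user name and password against a credential database in a way that addresses the three weaknesses named above. The `CredentialStore` class, the choice of PBKDF2-HMAC-SHA256, and the iteration count and lockout thresholds are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000    # assumed PBKDF2-HMAC-SHA256 work factor
MAX_FAILURES = 5        # assumed failed attempts before lockout
LOCKOUT_SECONDS = 300   # assumed lockout window


class CredentialStore:
    """In-memory stand-in for the credential database (hypothetical)."""

    def __init__(self, iterations=ITERATIONS):
        self.iterations = iterations
        self._users = {}     # username -> (salt, derived key), never the password
        self._failures = {}  # username -> (failure count, time of last failure)
        # Dummy record so an unknown user costs the same work as a known one.
        self._dummy_salt = os.urandom(16)
        self._dummy_key = self._derive("placeholder", self._dummy_salt)

    def _derive(self, password, salt):
        # Slow, salted hash: a stolen table must be attacked one guess at a time.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def register(self, username, password):
        salt = os.urandom(16)  # per-user salt: equal passwords give different keys
        self._users[username] = (salt, self._derive(password, salt))

    def is_locked(self, username, now):
        count, last = self._failures.get(username, (0, 0.0))
        return count >= MAX_FAILURES and now - last < LOCKOUT_SECONDS

    def verify(self, username, password, now=None):
        now = time.monotonic() if now is None else now
        if self.is_locked(username, now):
            return False  # throttles online guessing and brute force
        salt, stored = self._users.get(username, (self._dummy_salt, self._dummy_key))
        candidate = self._derive(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(candidate, stored) and username in self._users
        if ok:
            self._failures.pop(username, None)
        else:
            count, _ = self._failures.get(username, (0, 0.0))
            self._failures[username] = (count + 1, now)
        return ok
```

A per-account lockout lets anyone lock a known user out by submitting bad guesses, so production systems usually pair it with per-source rate limiting or increasing delays.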
PKI and Smart Cards
PKI (Public Key Infrastructure) provides a cryptographically secure method of authenticating computer users. Users are given two cryptographic keys, a public key and a private key, which are used in the authentication process. When a user tries to authenticate to a system, he presents his public key, which the server validates. The server then presents an encrypted challenge that only the user can decrypt with the private key. Since the user's private key is not shared with anyone else, the computer is mathematically certain of the user's identity. Smart cards are the most common method of storing secret keys for authentication.
Knowledge-Based Authentication
Banks and other financial institutions often use KBA (Knowledge-Based Authentication) to verify a user based on something he knows. Secret questions and answers, PINs and challenge words are common forms of KBA, requiring the user to provide an easily remembered but unique answer to the challenge question. Impostors with intimate knowledge of the victim can usually beat KBA, as answers to security questions are usually easy to guess.
Biometrics
Biometrics are authentication tools that verify a user's identity using some physical aspect. Fingerprint scanners, facial recognition, voice print recognition, and retinal and iris scans are all widespread forms of biometric authentication. Biometric authentication is used by the U.S. military during enlistment to verify the identity of new recruits and to check their fingerprints against a database of criminals. Users can occasionally bypass or spoof biometric authentication by exploiting a weakness in the underlying technologies, for example, using a picture of the victim to bypass facial recognition.