The Most Common Authentication Methods
Cybersecurity is a well-known business problem often discussed in media and boardrooms and has become the top concern for IT professionals, governments and organizations. A Gartner Board of Directors survey found that 88% of board members classified cybersecurity as a business risk, and only 12% called it a technology risk; however, it seems that accountability still rests in the hands of IT companies and leaders.
We often hear companies issuing statements about hackers gaining access to sensitive data. Securing systems and networks so that they give access only to authorized users and keep cybercriminals out is a paramount responsibility. One way to accomplish this goal is by establishing authentication methods.
The different types of authentication methods
This article gives a general overview of the various authentication methods and their importance in protecting data and users' privacy.
What is authentication, and why is it important?
Authentication is a process that identifies and verifies users to provide them with access to a system, network, or device. Access control helps determine the user's identity according to credentials like username and password. Other authentication technologies like biometrics and authentication apps are also used to authenticate user identity. It is essential to incorporate an effective authorization method to ensure outside parties cannot gain access to sensitive information. For instance, User A only has access to relevant information and should always be prohibited from viewing User B's sensitive data. The importance of a secure authentication method is that it prevents cybercriminals from gaining access to a system's network and stealing information. A famous example of a data breach happened when hackers gained access to Yahoo user accounts to steal data, calendars and private emails. In addition, Equifax data was also compromised in 2017, exposing the credit card information of over 147 million consumers. Enterprise organizations and governments must have secure authentication methods to avoid the risk of exposure or theft.
What does network-level authentication mean?
A network protocol verifies a user's identity; for example, when a user attempts to log in to a given network, they have to indicate their identity by providing a username and password. The system immediately cross-checks the username against a list of authorized users to confirm that they have access to the network. An obvious drawback of the password authentication method is that passwords can get lost or stolen. To compensate, authentication methods add other steps to verify the user's identity, such as asking additional security questions (e.g. favourite city or surname) or requesting a secret phrase, word or event that only the user knows.
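The cross-check described above, sketched from the server's side as an added example (not code from the original article). The `UserStore` class, the sample account and the PBKDF2 work factor are assumptions made for illustration; the store keeps only a salted, slow hash per user and does the same work whether or not the username exists.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a stolen user table is costly to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """The 'list of authorized users': username -> (salt, password hash)."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}
        # Dummy record: unknown usernames cost the same work as known ones.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = hash_password(os.urandom(16).hex(), self._dummy_salt)

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # unique per user, so equal passwords hash differently
        self._users[username] = (salt, hash_password(password, salt))

    def verify(self, username: str, password: str) -> bool:
        known = username in self._users
        salt, expected = self._users.get(username, (self._dummy_salt, self._dummy_hash))
        candidate = hash_password(password, salt)
        # Constant-time comparison; 'known' is applied last so both paths hash once.
        return hmac.compare_digest(candidate, expected) and known

    def stored_record(self, username: str) -> tuple[bytes, bytes]:
        """What an attacker would see if the table leaked: salt and hash only."""
        return self._users[username]


if __name__ == "__main__":
    store = UserStore()
    store.enroll("alice", "correct horse battery staple")  # constructed sample account
    print(store.verify("alice", "correct horse battery staple"))
    print(store.verify("alice", "wrong-password"))
    print(store.verify("mallory", "anything"))
```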
The five most common authentication types
- Password Authentication: Anyone who uses the internet knows that passwords are a common way to authenticate a person's identity. Passwords can include a string of numbers, letters, or special characters, and it is often recommended to use all three character types for the best protection. The challenge with passwords is that they are prone to phishing attacks and can be lost or stolen. An average person has over 25 online accounts for school, work, banking and social activity, but only 54% of users use different passwords across their accounts, and people choose convenience over security. Most users will also opt out of creating complex passwords because these are harder to remember, posing several data risk challenges. Cybercriminals can easily access credentials by running combinations until they find a match and then use it on various platforms.
- Multi-Factor Authentication: The MFA method was developed on top of passwords to achieve a robust identity verification solution. It requires two or more ways to identify a user; for example, a code generated from a user's smartphone, captcha tests, fingerprints, and face and voice biometrics are all models of MFA. This offers a good defence against common account hacks and adds another layer of security on top of passwords. This method has some limitations because it requires a user to have a password and a physical device such as a phone. The challenge here is that people can lose their smart devices or SIM cards and will not be able to generate their authentication code when needed.
- Certificate-based authentication: This method uses digital certificates to verify identity. It is often an electronic document based on a government-issued identification such as a driver's licence or a passport. Certificate-based authentication offers a digital signature or a public key issued only by a central authority. The user provides their digital certificate when signing in (i.e. passport number). The server then verifies this information and uses cryptography to confirm that the user is who they say they are.
- Token Authentication: These authentication methods are commonly used by companies and use a purpose-built physical device for 2FA. For example, users can insert a dongle into the computer's USB port, or use a smart card that contains a radio frequency ID. The drawback of these systems is that they are expensive to implement and the hardware components can be lost.
- Biometric authentication methods: This is considered cutting-edge technology as it uses a person's biometrics and physical characteristics to verify identity. The most widely used biometrics are fingerprints, retinal and iris scans, and voice and facial recognition. Since no two users have the same fingerprints or retinal id, this method is considered to be the most secure authentication method, and it eliminates the need to remember passwords or carry dongle cards. The drawback of this method is that it is extremely expensive to install and has associated privacy concerns.
Data security and cybersecurity are constantly evolving as companies look to move beyond password authentication methods to more sophisticated data protection measures. In the years to come, we are likely to see a progression from simple passwords to more sophisticated authentication methods.