Sunday, March 7, 2010

Authentication Mechanisms

What is authentication?

-> Authentication is the process of establishing whether a client is who or what it claims to be in a particular context. A client can be an end user, a machine, or an application.

When we talk about authentication, we have to discuss the mechanisms used to authenticate a user, a process, or a client.

Put simply, there are many ways authentication can be done:

-> One-time passwords
-> Challenge-response mechanisms
-> Time-based mechanisms, such as SecurID (password generator)


This is just a snapshot of the authentication mechanisms often used in the world; many new mechanisms are also available to check out.

Taking the case of RSA SecurID, we can again think of 2 Factor Authentication, which relates back to our old post, where ...

-> Something You Have (a token that generates a passcode)
-> Something You Know (PIN), which is used together with the token to authenticate a user

The user enters his ID and then a combination of PIN+Passcode.
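The PIN+Passcode check described above, as an added example that is not from the original post or from RSA. SecurID's own algorithm is not described here, so the token code is generated with RFC 6238 TOTP as a stand-in; the names Verifier and tokencode, the PIN-before-passcode order, the 30-second step and the 6-digit code are assumptions.

```python
import hashlib, hmac, struct

STEP = 30    # seconds each passcode is valid (assumed; RFC 6238 default)
DIGITS = 6   # passcode length (assumed)

def tokencode(seed: bytes, t: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): stand-in for what the token displays."""
    counter = struct.pack(">Q", int(t) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Server side: checks 'something you know' + 'something you have'."""
    def __init__(self):
        self.users = {}      # user_id -> (salt, pin_hash, seed)
        self.last_step = {}  # user_id -> last accepted time step

    def enroll(self, user_id, pin, seed, salt):
        self.users[user_id] = (salt, _pin_hash(pin, salt), seed)

    def verify(self, user_id, pin_plus_passcode, now, drift=1):
        if user_id not in self.users or len(pin_plus_passcode) <= DIGITS:
            return False
        salt, stored, seed = self.users[user_id]
        pin, code = pin_plus_passcode[:-DIGITS], pin_plus_passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(_pin_hash(pin, salt), stored)
        # Tolerate clock drift of +/- `drift` steps between token and server.
        step_now, matched = int(now) // STEP, None
        for step in range(step_now - drift, step_now + drift + 1):
            expected = tokencode(seed, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pin_ok or matched is None:
            return False     # one answer for bad PIN and bad passcode
        if matched <= self.last_step.get(user_id, -1):
            return False     # passcode already used: reject replay
        self.last_step[user_id] = matched
        return True
```
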


A newly emerging technology in the market is RSA Adaptive Authentication.

It uses an intelligent engine that looks at various factors to determine the risk level of an entity.

It takes many parameters into account and conducts a risk assessment.
A unique risk score is assigned to each activity, and users are only challenged in the case of high-risk activity. This helps companies increase security without affecting users' activities.
It is still in its nascent stage but is slowly gaining implementations worldwide.
