The five factors of authentication are given below:
1. Something you know, such as a username and password
2. Something you have, such as a smart card, PIV, or a token
3. Something you are, using biometrics, such as fingerprint or retina scan
4. Somewhere you are, such as your location using geolocation.
5. Something you do, such as gestures on a touch screen
However, first three factors are widely recognized factors of authentication. "Somewhere you are" and "something you do" are not widely recognized. For example, if you use "somewhere you are" as authentication, some one else may come in to you position (geographically speaking) at a later time and claim access to the resource. Similarly, repeatability of hand gestures is questionable, and it may lead to uncertainty in identifying the user with certainty. Some experts doubt that 4 and 5 could be used a factors of authentication at all, because one of the requirements of factor of authentication is that it should be able to be used as a stand alone method of authentication.
Mutual authentication: Here both the server and client computers authenticate each other. This type of authentication is more secure than one-way authentication, where only the client is authenticated.
Multifactor authentication: Here two or more number of authentication methods are used for granting access to a resource. Usually, it combines a password with that of a biometric authentication.
MFA combines two or more independent credentials (factors). The five broadly known independent credentials are:
1. What the user knows (password),
2. What the user has (security token)
3. What the user is (biometric verification).
4. Where the user is
5. What the user is doing
The goal of MFA is to create a layered defense and make it more difficult for an intruder to access a target such as a physical location, computing device, network or database.
Note that Authentication methods using two or more variables in the same factor still constitute single-factor authentication. For example, a password and a PIN are both in the something you know category, so they can only provide single-factor authentication even when they are used together.
Biometric authentication: Biometric authentication uses measurable physical attributes of a human being such as signature, fingerprint.
CHAP: It is an authentication type that uses three-way hand shake. The passwords are transmitted in encrypted form ensuring security. Compare this with PAP, which transmits passwords in clear text.
Four important aspects of security are authentication, authorization, integrity, and non-repudiation.
Single sign-on: Single sign-on enables one to use all the eligible services with one sign-in.
1. SSO is used for authenticating a user across multiple platforms without having to login each time.
2. Security Assertion Markup Language (SAML) is an XML- based data format used for SSO on web browsers
3. Normally, SSO provides authentication only. Using SSO, an authenticated user will be able to move from one website to another trusted website without having to sign-on again.
4. SAML provides SSO for web-based applications.
5. SAML is used to exchange authentication and authorization information between different parties.
Client Authentication: A client authenticating itself to a server and that server authenticating itself to the client in such a way that both parties are assured of the others' identity is known as mutual or two-way authentication.
Message Authentication Codes (MACs): MAC also called "keyed hashes", are used to verify the authenticity of a message. Let us say, Jane (the sender of a message) and Mike (the recipient) share a secret key. Jane uses the message and the key to compute the MAC, and sends the MAC along with the message. When Mike receives the message, he computes the MAC, and then checks to see if his MAC matches Jane's. If it does, then he knows the message is from Jane and that nobody has changed it since she sent it.