Thursday, December 27, 2018

Authentication vs Authorization

Authentication:
Authentication is the process of validating your credentials, such as a user name/user ID and password, to verify your identity. 
The system checks whether you are who you claim to be by testing the credentials you present. On public and private networks 
alike, this is most commonly done with a login name and password, sometimes combined with additional authentication factors, 
the different kinds of evidence a system can ask for. The factors determine what the system uses to verify someone's identity 
before granting access to anything from a file to a bank transaction. 
Sending a cardholder to the 3-D Secure (3DS) page during an online card payment is an example of authentication: the card 
issuer verifies that the person paying is the cardholder before the payment goes through.

Types of Authentication:
Single-Factor Authentication – The simplest method, which relies on one piece of evidence, usually a password, to grant access 
to a website or a network. Example: user name and password. A password can be guessed, phished or leaked in a breach, so a 
single factor is the weakest option.

Two-Factor Authentication – A two-step verification process that requires the user name and password plus a second piece of 
evidence from a different category: something the user has (an OTP generated by an app or sent to the registered phone, a 
hardware token) or something the user is (a biometric). Example: an ATM card (something you have) together with its PIN 
(something you know). Static security questions asked after the password are not a second factor: they are a second piece 
of "something you know", and the answers are often guessable or discoverable, so password plus security questions is still 
effectively single-factor. Two-factor authentication is the simplest case of multi-factor authentication. 

Multi-Factor Authentication – Uses two or more factors from independent categories (something you know, something you have, 
something you are) to grant access to the system. The factors should be independent of each other so that compromising one, 
for example a phished password, does not compromise the others. Financial organizations, banks and law enforcement agencies 
use multi-factor authentication to safeguard their data and applications from potential threats. Examples: user name and 
password plus an OTP; user name and password plus biometrics (fingerprint or thumbprint, palm or handprint, retina, iris, 
voice, face) or an RSA SecurID token. Some services instead send a push notification to the registered mobile phone showing a 
simple question or a number to match, and the login is allowed only once the user confirms it on the phone; here the phone is 
the "something you have". A Personal Identity Verification (PIV) card is a smart card issued to employees or citizens; a smart 
card is a physical card with an embedded integrated chip that acts as a security token and holds a private key that never 
leaves the chip. Captchas, basic maths questions and picture puzzles shown alongside the user name/password are not 
authentication factors: they only distinguish a human from an automated script and do nothing to prove who the human is.
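To make the factor categories concrete, here is an added example in Python (mine, not code from the original post) of a login that checks a password (something you know) and a time-based one-time password from an authenticator app (something you have). The TOTP code follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits) and is checked against the RFC's own test key; the PBKDF2 iteration count, the sample account and its password are assumptions.

```python
# Added example (not from the original post): verifying two independent factors,
# a password (something you know) and a TOTP code (something you have).
# TOTP per RFC 6238: HMAC-SHA1, 30-second time step, 6 digits.
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumption: tune to your hardware; never below ~100k
TOTP_STEP = 30                # seconds per TOTP time step
TOTP_DIGITS = 6


def hash_password(password: str, salt: bytes = b"") -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); only the salt and key are ever stored."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    # compare_digest runs in constant time, so a wrong guess leaks no position info
    return hmac.compare_digest(candidate, stored_key)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, at_time // step)


def verify_totp(secret: bytes, code: str, at_time: int, skew_steps: int = 1) -> bool:
    """Accept the current step and +/- skew_steps of clock drift.
    A real deployment must also remember and reject codes already used."""
    counter = at_time // TOTP_STEP
    for c in range(counter - skew_steps, counter + skew_steps + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return True
    return False


def login(user: dict, password: str, otp: str, at_time: Optional[int] = None) -> bool:
    """Both factors are always evaluated and both must pass."""
    at_time = int(time.time()) if at_time is None else at_time
    password_ok = verify_password(password, user["salt"], user["password_key"])
    otp_ok = verify_totp(user["totp_secret"], otp, at_time)
    return password_ok and otp_ok


def make_user(username: str, password: str, totp_secret: bytes) -> dict:
    salt, key = hash_password(password)
    return {"username": username, "salt": salt, "password_key": key,
            "totp_secret": totp_secret}


# Constructed sample account; the TOTP secret is the RFC 6238 test-vector key.
ALICE = make_user("alice", "correct horse battery staple", b"12345678901234567890")

if __name__ == "__main__":
    # At unix time 59 the RFC 6238 reference code (SHA-1, 6 digits) is 287082.
    print(login(ALICE, "correct horse battery staple", "287082", at_time=59))
    print(login(ALICE, "correct horse battery staple", "000000", at_time=59))
    print(login(ALICE, "wrong password", "287082", at_time=59))
```

Note that the password and the OTP are checked independently and the result is all-or-nothing: the server never tells the caller which factor failed, and a stolen password alone (or a stolen phone alone) is not enough.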


Authorization:
Authorization happens after your identity has been successfully authenticated by the system. It determines which resources 
(information, files, databases, funds, locations, almost anything) you are permitted to access and what you may do with them. 
Authentication proves who you are; authorization decides what you are allowed to do. It does not give you full permission to 
everything: an authenticated user can still reach only the resources and actions their account has been granted, and every 
request should be checked against that policy, not just the login. Example: after you have logged in to net banking, debiting 
your card is an authorization decision; the bank checks that the card belongs to the authenticated user, that it is active, and 
that the amount is within the available balance and the transaction limit before allowing the debit. Authorization comes only 
after successful authentication.
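The following Python is an added example, not code from the original post, showing the authorization step on its own: the session already carries an authenticated user ID, yet every action on a card is still checked against a deny-by-default policy (ownership, roles, limits) on each request. The session objects, the card and the policy rules are constructed for the illustration.

```python
# Added example (not from the original post): authorization decisions made after
# authentication has already succeeded. Sessions, cards and the policy rules below
# are constructed for the example; a real bank's rules are more involved.
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass
class Session:
    user_id: str
    authenticated: bool            # set only by the login step, never by the client
    roles: FrozenSet[str] = frozenset()


@dataclass
class Card:
    card_id: str
    owner_id: str
    balance: float
    daily_limit: float
    spent_today: float = 0.0
    blocked: bool = False


def authorize(session: Session, action: str, card: Card, amount: float = 0.0) -> Tuple[bool, str]:
    """Deny by default: return (allowed, reason) for one action on one card.

    Authentication only established session.user_id; whether that user may
    touch *this* card is decided here, on every request."""
    if not session.authenticated:
        return False, "not authenticated"
    is_owner = card.owner_id == session.user_id
    is_support = "support" in session.roles

    if action == "view":
        # Owners see their own cards; support staff may see any card.
        if is_owner or is_support:
            return True, "ok"
        return False, "card does not belong to this user"

    if action == "block":
        if is_owner or is_support:
            return True, "ok"
        return False, "card does not belong to this user"

    if action == "debit":
        # No role lets anyone spend another user's money, not even support.
        if not is_owner:
            return False, "card does not belong to this user"
        if card.blocked:
            return False, "card blocked"
        if amount <= 0:
            return False, "invalid amount"
        if amount > card.balance:
            return False, "insufficient funds"
        if card.spent_today + amount > card.daily_limit:
            return False, "daily limit exceeded"
        return True, "ok"

    return False, f"unknown action {action!r}"   # anything unlisted is denied


def debit(session: Session, card: Card, amount: float) -> float:
    """Apply a debit only if authorize() allows it; returns the new balance."""
    allowed, reason = authorize(session, "debit", card, amount)
    if not allowed:
        raise PermissionError(reason)
    card.balance -= amount
    card.spent_today += amount
    return card.balance


# Constructed sample sessions and card.
ALICE = Session(user_id="alice", authenticated=True)
BOB = Session(user_id="bob", authenticated=True)
SUPPORT = Session(user_id="staff1", authenticated=True, roles=frozenset({"support"}))
ANON = Session(user_id="alice", authenticated=False)   # claims to be alice, never logged in

if __name__ == "__main__":
    card = Card(card_id="c1", owner_id="alice", balance=500.0, daily_limit=300.0)
    print(debit(ALICE, card, 120.0))                   # 380.0
    print(authorize(BOB, "debit", card, 10.0))         # denied: not the owner
    print(authorize(SUPPORT, "view", card))            # allowed by role
    print(authorize(SUPPORT, "debit", card, 10.0))     # denied: role does not cover debit
    print(authorize(ANON, "view", card))               # denied: not authenticated
```

The point of the ownership test is the classic insecure-direct-object-reference bug: a logged-in user who changes the card ID in a request must still be refused, and that refusal comes from authorization, not from the login.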

Other examples of Authentication (the "somewhere you are" factor):
    One of the most common methods of detecting a user's location is via the Internet Protocol (IP) address. Suppose that 
    you use a service which performs geolocation security checks. When you configure your account, you might say that you live 
    in the United States. If someone then tries to log in to your account from an IP address located in Germany, the service 
    will probably notify you that a login attempt was made from a location different from yours, and may require an additional 
    verification step before allowing it. That is extremely useful for protecting your account against attackers, although an 
    IP-based location is only a risk signal, not proof: VPNs and proxies move the apparent location, and the attacker may be in 
    the same country as you. IP addresses, however, are not the only information that can be used for the "somewhere you are" 
    factor. It is also possible to use Media Access Control (MAC) addresses. An organization might set up its network so that 
    only specific computers, identified by MAC address, can be used to log in; an employee trying to access the network from a 
    different computer is denied. A MAC address is trivially changed in software, so this is a control against casual misuse 
    rather than a strong authenticator. As another example, Monzo Bank Ltd., a mobile-only bank based in the United Kingdom, 
    uses geolocation to detect possible payment fraud. If your last known location was, say, in France and four minutes later 
    your card is used in Japan, the travel speed that would require is impossible, which is an indication that you and your 
    card are not in the same place.
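As an added illustration (not code from the original post), here is Python for the two checks described above: a declared-country versus login-IP mismatch, and the Monzo-style impossible-travel check between two card events, using the haversine great-circle distance. The IP-to-country table, the sample events and the 1000 km/h threshold are constructed assumptions; a production system would look the IP up in a geolocation database.

```python
# Added example (not from the original post): two "somewhere you are" risk checks,
# a declared-country mismatch on login and an impossible-travel check between two
# card events. The IP-to-country table, the events and the speed threshold are
# constructed assumptions; a real system would use a geolocation database.
import math
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional, Tuple

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0   # assumption: above any commercial flight

# Constructed lookup on TEST-NET prefixes standing in for a geolocation database.
IP_COUNTRY = {"203.0.113.": "US", "198.51.100.": "DE", "192.0.2.": "FR"}


def ip_country(ip: str) -> Optional[str]:
    for prefix, country in IP_COUNTRY.items():
        if ip.startswith(prefix):
            return country
    return None


def login_location_signal(declared_country: str, ip: str) -> str:
    """Compare the login IP's country with the country the user declared."""
    country = ip_country(ip)
    if country is None:
        return "unknown"      # no location data: treat as unverified, not as safe
    if country != declared_country:
        return "mismatch"     # notify the user and/or require another factor
    return "ok"


class Event(NamedTuple):
    when: datetime
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(prev: Event, curr: Event) -> Tuple[bool, float]:
    """Return (flagged, speed_kmh): the speed needed to move from prev to curr."""
    distance = haversine_km(prev.lat, prev.lon, curr.lat, curr.lon)
    hours = (curr.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:
        # Same instant or out-of-order events: flag unless the points coincide.
        return (distance > 0.0), (float("inf") if distance > 0.0 else 0.0)
    speed = distance / hours
    return speed > MAX_PLAUSIBLE_SPEED_KMH, speed


# Constructed events: a card used in Paris, then in Tokyo four minutes later,
# and, for comparison, in Lyon three hours later.
T0 = datetime(2018, 12, 27, 10, 0, tzinfo=timezone.utc)
PARIS = Event(T0, 48.8566, 2.3522)
TOKYO = Event(T0 + timedelta(minutes=4), 35.6762, 139.6503)
LYON = Event(T0 + timedelta(hours=3), 45.7640, 4.8357)

if __name__ == "__main__":
    print(login_location_signal("US", "198.51.100.23"))   # mismatch
    print(impossible_travel(PARIS, TOKYO))                # flagged, ~145,000 km/h
    print(impossible_travel(PARIS, LYON))                 # not flagged, ~130 km/h
```

Both functions return a signal rather than a verdict; what to do with "mismatch" or a flagged pair (notify, step up to another factor, decline the payment) is a policy decision layered on top.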

    Windows 8 users might know about a feature called Picture Password. It allows the user to set up gestures and touches on 
    a picture as a way to authenticate; a gesture sequence is still "something you know", so on its own it is a single factor. 
    Even HDFC net banking asks you for a picture-based step in addition to your login/password.
