Reply To: OCU ISSO Week 1 Lesson 03 Discussion
IST3100 Information Systems Security Officer
Authentication is the process of determining whether someone or something is, in fact, who or what it says it is (Shacklett, 2023). What I have learned this week is that authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server (Shacklett, 2023). The importance in doing this is that authentication assures secure systems, secure processes and enterprise information security (Shacklett, 2023).
There are several authentication types. For purposes of user identity, users are typically identified with a user ID, and authentication occurs when the user provides credentials such as a password that matches their user ID (Shacklett, 2023). In the practice of requiring a user ID and password is known as single-factor authentication (SFA) (Shacklett, 2023). In recent years, companies have strengthened authentication by asking for additional authentication factors, such as a unique code that is provided to a user over a mobile device when a sign-on is attempted or a biometric signature, like a facial scan or thumbprint (Shacklett, 2023). Many of us are similar with this process just by being a smartphone user. This is known as two-factor authentication (2FA) (Shacklett, 2023).
Authentication factors can even go further than SFA, which requires a user ID and password, or 2FA, which requires a user ID, password and biometric signature (Schacklett, 2023). When three or more identity verification factors are used for authentication; for example, a user ID and password, biometric signature and perhaps a personal question the user must answer; it is called multifactor authentication (MFA) (Shacklett, 2023).
Shacklett, M. (2023) https://www.techtarget.com/searchsecurity/definition/authentication