Authentication
What is authentication?
Definition:
Authentication is the process of verifying the identity of a user, process, or device. Authentication is commonly used to restrict access.
Analogy:
Authentication is like your government ID.
In order to fly or drive a car, you need to authenticate that you have the right credentials to do so as a legal citizen or resident.
In other words:
Authentication is the process of determining whether someone or something is who or what it claims to be.
Why is authentication important?
It's one thing to know what a term means, but that is worthless if you don't know why you should know what authentication is in the first place. Let's break down the importance of this tech term based on two high level categories. We'll walk through an explanation as well as provide a score, 1-10, that shows you how much you should care about authentication.
Pre-Product: 4/10
The first will be if you do not have a product yet. This means that you don't have a physical product. Maybe you're in the ideation phase, or maybe you're almost ready to start development. Whichever it is, we'll get into why authentication is important and why you should or shouldn't care about it if you do not have a product.
Authentication isn't a term you need to be too familiar with before you launch a product. The only thing you need to understand is the purpose of the authentication, as well as if it will be part of your product in any way. If it will be, it is important to understand how and where it will be integrated so you can properly articulate your vision. Ensuring that you plan a product's security can be vital to your business model and attracting new users, so be sure you have a clear path as to how you will make future users feel safe.
Live Product: 5/10
The second category is if you do have a live product. Maybe you just launched your business or maybe it's been live for years and you're continuing to improve its quality. Regardless of the scenario, if your product is live, authentication carries a different weight.
This term is more relevant if your product is live because that means that you are likely actively using an authentication feature, so you should be able to speak to this feature if a user, or anyone, asks you questions about it. If your product has any type of login feature, that means you have authentication involved. It is important that you review your processes for authentication to ensure that you are using methods that keep your users' information and accounts safe.
Examples of authentication
So you know what authentication is, by definition. You know if you should care about it or not depending on your situation as a business/company/product. To dig in deeper, we will walk through some examples so we can make sure you really have a solid grasp on authentication.
There are five common types of authentication that we will walk through. More than likely, you have encountered at least a few of these methods in order to keep your accounts secure and prevent others from accessing your profile on numerous applications.
- Passwords
A password is the most common method of authentication. You have passwords to tons of different accounts, and as long as you keep your password secure, nobody else will get into your account. It is important to use passwords that are long and have a combination of letters, numbers, and symbols. The harder you make your password, the harder it will be to hack. The most common passwords tend to be 123456, qwerty, password, and other basic patterns, so be sure you make yours a bit tougher to crack than those.
1Password is a commonly used tool to help store passwords as a team.
- Multi-factor
The beauty of multi-factor authentication (MFA) is that it requires multiple points of authentication in order to log in or be verified. Common ways you will see MFA being used are codes texted to your mobile phone, codes sent to your email, CAPTCHA (those little quizzes you have to take to prove you aren't a robot), biometric, facial recognition, and more. The point here is that you are creating another layer of security to protect a user's account.
- Token
A token system is a process where you as the user enter a password, after which you receive a random string of text that can be used to access information. The digital token serves as your authentication and is valid because you are only able to receive the token if you know the password.
- Biometric
There are tons of different biometric authentication processes out there, many of which you use quite frequently. The beauty of biometric authentication is that it requires your physical presence in order to work, keeping things extra secure. There are four common methods of biometric authentication:
Facial Recognition - when you scan your face to log into your phone, you are engaging in facial recognition. This allows you to access your phone just by looking at it, without having to enter any passwords or remember any keys. Your face will be stored in a database, which will be referenced when your face is scanned, matching facial structures to validate your identity.
Voice Recognition - when you speak, your voice has different tones and intonations that are unique to your vocal cords. Oftentimes, in order to authenticate with voice recognition, you will be required to repeat a specific word or phrase.
Fingerprint Scan - a fingerprint scan is something you see a lot to access buildings or secret vaults. It is also used quite frequently with laptops. This is the most popular form of biometric authentication and is performed by matching your fingerprint and vascular patterns to validate your identity.
Eye Scan - this is something you see a lot in the movies. A machine will scan your iris and retina, looking for your unique eye patterns, to validate that you are who you are. This is commonly used to access physical spaces and is not too common for things like phones or computers.
As you'd imagine, it would be pretty tough to 100% mimic these forms of authentication!
- Certificate
This form of authentication uses a digital certificate to identify users, machines, or devices. Think of this as a driver's license but digitally. Your driver's license is an agreed upon form of identity that validates who you are as a person - a certificate is the exact same thing. A digital certificate proves the ownership of the public key associated with that certificate and is accompanied by a signature validating the legitimacy of the certificate.
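The password-then-token flow described under Token, written out as an added example (not code from the original page): the server checks the password against a salted hash, hands back a random token, and later accepts that token until it expires. The names USERS, SESSIONS, login and authenticate, the sample account, the 15-minute lifetime and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 900   # assumed 15-minute token lifetime
PBKDF2_ROUNDS = 600_000   # assumed work factor for this example

def hash_password(password, salt):
    # Slow, salted hash so a stolen user table is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_user_record(password):
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)

# Constructed sample data: one account, and an empty token store.
USERS = {"alice": make_user_record("correct horse battery staple")}
SESSIONS = {}  # sha256(token) -> (username, expiry timestamp)

def login(username, password, now=None):
    """Return a fresh random token if the password is correct, else None."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    # Unknown users still go through one hash so both paths cost the same.
    salt, expected = record if record else (b"\x00" * 16, b"")
    candidate = hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, expected):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Keep only a hash of the token, so a leaked store holds no usable tokens.
    key = hashlib.sha256(token.encode()).hexdigest()
    SESSIONS[key] = (username, now + TOKEN_TTL_SECONDS)
    return token

def authenticate(token, now=None):
    """Return the username a token belongs to, or None if unknown or expired."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    session = SESSIONS.get(key)
    if session is None:
        return None
    username, expires = session
    if now >= expires:
        del SESSIONS[key]  # expired tokens are removed on first use
        return None
    return username
```

The password is only ever sent once, at login; every later request carries the token, which can be expired or revoked without forcing a password change.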
Key Takeaways:
- Authentication is the process of determining whether someone or something is who or what it claims to be.
- Whether you do or don't have a product, you need to be sure you are aware of how authentication will protect your users' information and keep their data safe.
- There are five common methods of authentication: passwords, multi-factor, tokens, biometric, and certificates.