Security Encyclopedia

User Authentication

User authentication is a process that verifies a person’s identity before allowing them access to an online service, connected device, or other resource.

User authentication works differently across services, because business logic and risk profiles vary markedly between enterprises. What authentication solutions have in common is a basic foundation: a user is required to present one, or a combination, of three authentication factors: knowledge (such as a PIN), possession, and inherence (biometrics). Contextual information gleaned from web browsers and mobile devices is also becoming more common in user authentication. These data points are applied to continuous authentication, and also to adaptive, dynamic, risk-based and other forms of authentication; the terminology and meaning in this area overlap to some extent.

Network administrators and security teams at the service provider operate the tools and set the policies that make up its identity and access management (IAM) framework. Users are traditionally consumers or employees; however, the emergence of the Internet of Things has shown that devices will authenticate to each other (machine-to-machine, or M2M).

Example:

“Solutions based on the FIDO Alliance open standards are reimagining user authentication because of these products’ security and usability gains. When you have mobile-initiated login that is already MFA you don’t just check a lot of boxes. It hastens digital transformation initiatives because the UX gains are awesome.”