Authentication Flashcards
What is passwordless authentication?
Passwordless authentication uses biometric devices to authenticate users, such as fingerprint scanners, facial recognition technology, or even iris scans. Biometric devices provide a convenient and secure way for users to access their digital services without the need for complex passwords, which are sometimes difficult to remember and can potentially be compromised. In fact, passwordless authentication is integrated into most mobile devices and laptops today, and even small businesses now incorporate biometric authentication systems. This not only improves security, but also provides a more seamless and efficient user experience. However, you should note that while passwordless authentication systems are more secure than traditional password-based systems, your devices will not be completely safe from hacking attempts.
What is two-factor authentication?
Two-factor authentication, or 2FA, adds an extra layer of protection to online accounts. 2FA requires you to provide two different types of information or credentials to verify your identity, which makes it harder to gain unauthorized access to your accounts. Typically, the first factor is something you know, like your password, and the second factor is something you have, like your cell phone. So when you enable 2FA for an account, you first enter your password when logging in. Then you are prompted to enter a code that is sent to your phone, also called a one-time password (OTP). Specialized apps called authenticators can generate these codes on a user's personal phone or device.
This ensures that even if someone knows your password, they still cannot access your account without the second factor. Some of the popular authenticator apps used to generate codes for two-factor authentication are Google Authenticator, Microsoft Authenticator, and Authy. Another type of two-factor authentication makes use of security keys, which are physical devices used to authenticate users. A security key is a small USB-like device that you insert into a USB port, or that you can use wirelessly over Bluetooth or Near Field Communication (NFC).
When you log in, you are prompted to insert the security key and press a button to verify your identity. The key then generates a one-time code that is sent to the system, which verifies its authenticity. This is the Universal Second Factor (U2F) authentication standard. Security keys are considered highly secure because they are not vulnerable to phishing attacks, where attackers try to trick users into disclosing their usernames or passwords. They are also more secure than other forms of two-factor authentication because they cannot be intercepted or stolen through malware or other online attacks. FIDO is one of the most popular vendors of U2F security keys.
What are other passwordless authentication methods?
- LDAP (Lightweight Directory Access Protocol): a protocol used to access and manage centralized user authentication and authorization. Azure Active Directory is a very popular service that uses LDAP.
- RADIUS (Remote Authentication Dial-In User Service): a client-server protocol that provides centralized authentication, authorization, and accounting management for users who connect to and use a network service. It is often used for remote access to networks.
- Certificate-based authentication: an authentication method that uses digital certificates to verify the identity of a user, device, or application.
- Kerberos: a network authentication protocol that provides mutual authentication between a client and a server in a network environment. It protects businesses against password sniffing attacks by encrypting authentication credentials. It is commonly used in Windows domains.
What is the main difference between authorization and authentication?
The main difference between authentication and authorization is that authentication verifies the identity of a user, while authorization determines what resources and services they are allowed to access. In other words, authentication is the process of proving who you are, while authorization is the process of determining what you are allowed to do.
Authentication is typically the first step in the access control process, as it ensures that only authorized users are granted access to the system. Once a user is authenticated, authorization mechanisms are used to determine what resources and services those users will be allowed to access.
What is Authorization?
- Determines what actions a user can perform
- Controls access to resources
- Second line of defense
- Ongoing process
- Relies on user-provided credentials
- Relies on predefined policies and rules
What is Authentication?
- Verifies the identity of a user, device, or system
- Prevents access if not verified
- First line of defense
- Typically a one-time event
- Relies on user-provided credentials
What are the authorization models?
- Role-Based Access Control (RBAC): the most common model; permissions are assigned to a role, and a group of individuals is assigned to that role
- Attribute-Based Access Control (ABAC): decisions based on attributes such as role, geography, environment, and context
- Mandatory Access Control (MAC): access levels are predefined by the system; used in military and government settings
- Discretionary Access Control (DAC): access decisions are up to the resource owner
- Rule-Based Access Control (RuBAC): access is governed by a set of rules
- Federation: access to resources and services across multiple organizations or domains
What are authorization tiers?
The different levels of access that can be granted to individuals or entities depending on their role, responsibilities, and level of trust. Some common tiers of authorization include:
- Guest access: the lowest tier of authorization, which typically provides limited access to resources or services.
- User access: usually the next tier, granted to registered users who have authenticated themselves to the system. User access typically provides more privileges than guest access, allowing users to create, edit, and view their own data.
- Administrator access: granted to individuals who have a higher level of responsibility and control over the system, for example IT departments. They can typically create, edit, and delete users, as well as configure system settings and manage resources.
- Superuser access: individuals are given complete control over the system, including access to all resources and the ability to modify any aspect of the system. Superusers are typically responsible for maintaining and securing the system.
- Role-based access: operates more at an individual level and is based on the roles and responsibilities of individuals within an organization. Access is granted based on the user's role, such as manager, employee, or contractor. Role-based access ensures that individuals only have access to the resources and services they need to perform their job functions.
- Conditional access: based on the context of the access request, such as the location, device, time, or network. Conditional access provides an additional layer of security by ensuring that access is granted only under specific conditions.