Week 8 Flashcards
(24 cards)
What is authentication?
Proving someone or something is who/what it claims to be.
What is identification?
Finding out who someone is without them claiming an identity.
What are the three main authentication factors?
What you know (e.g., password)
What you have (e.g., card)
What you are (e.g., fingerprint)
Many people are confused by the different terms used. Among them, the following two pairs of terms caused the most confusion: authentication and identification; authentication and authorisation. Explain the differences between these two pairs of terms.
Identification is the process of claiming an identity. It answers the question: “Who are you?”
Example: When you enter a username or show an ID card, you’re identifying yourself.
Authentication is the process of proving that identity. It answers the question: “Can you prove it?”
Example: When you enter your password, provide a fingerprint, or scan a smart card, you’re authenticating yourself.
🔑 Key difference:
Identification is just stating who you are; authentication is proving it.
Why is hashing used for passwords?
To protect passwords if the server is hacked.
What is a salted hash?
A password plus a random value hashed together.
What is MFA?
Using 2 or more authentication methods together.
Why use MFA?
It’s more secure than using just one method.
What is context-based authentication?
Based on where you are or your environment.
What is risk-based authentication?
Changes based on how risky the login looks.
What helps users manage passwords?
Password managers and password checkers.
What is “what you have”?
A card, token, or device you carry.
What is biometric authentication?
Uses body traits like fingerprints or iris scans.
What’s a risk of biometrics?
Can’t be easily changed if stolen or spoofed.
What are non-user entities that need authentication?
Devices, messages, servers, software.
What is access control?
Controlling who can use or see something.
What are the two steps in access control?
Authentication and authorisation.
What is authorisation?
Deciding what an authenticated person can do.
What is DAC (Discretionary Access Control)?
The object owner decides who gets access.
What is MAC (Mandatory Access Control)?
A central authority controls access rules.
What is RBAC (Role-Based Access Control)?
Access depends on your role (e.g., admin, user).
What is ABAC (Attribute-Based Access Control)?
Access based on personal traits (e.g., age).
What is identity management?
Managing digital identities over time.
Why is IdM important?
It helps with authentication, authorisation, and tracking users.