Authentication is the process of confirming the identity of a person who is attempting to access a system or of confirming the authenticity of a message.
Authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely confirms the identity of the individual, but says nothing about that individual's access rights. Authenticity refers to whether both the source and the content of a message are what they are claimed to be.
Authentication can be based on something that a person knows, has or is. Examples of the first include user names, passwords and pass phrases. Examples of the second include IP addresses, digital signatures, cell phones and identification cards. The third consists of biometric data, which includes fingerprints, palm patterns, iris scans, voice recognition and facial recognition.
A digital signature is a method for authenticating digital information that is implemented using techniques from public key cryptography (PKC). It usually involves two complementary algorithms, one used for signing and the other used for verification.
None of these methods is completely secure, and all could be vulnerable to spoofing, i.e., pretending to be someone or something else. For example, there are ways of discovering user names and passwords, IP addresses can be forged, and even fingerprints can be falsified (such as by using a thin layer of a transparent material that contains someone else's fingerprints).
The chances of successful break-ins can be greatly reduced by requiring multiple types of authentication. Authorization, in turn, helps minimize the compromising of data or other damage in the event of a break-in.
A major feature of Linux and other Unix-like operating systems is that they can be extremely secure when used according to standard security guidelines (e.g., requiring strong passwords, utilizing the root account only when necessary, shutting down unnecessary services, using a strong firewall and providing physical security). Among the ways in which they accomplish this is by combining authentication (i.e., the requirement for a user name and password in order to log into the system) with a fine-grained system of authorization, referred to as permissions (i.e., read, write and execute permissions that can be set individually for every file, directory or other object on the system).
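The following Python example is added here and is not part of the original article. It keeps authentication (a salted password check) separate from authorization (Unix-style permission bits); the account names, passwords and file record are constructed, and the group permission class and the root account are left out as a simplifying assumption.

```python
import hashlib
import hmac
import os
import stat

def _hash(password, salt):
    # Salted, deliberately slow hash, so stored values resist guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample data (hypothetical users and file, not from the article).
ACCOUNTS = {"alice": make_account("correct horse battery"),
            "bob": make_account("tr0ub4dor&3")}
FILES = {"/home/alice/notes.txt": {"owner": "alice", "mode": 0o644}}

def authenticate(user, password):
    """Confirm identity only: does the password match the stored hash?"""
    acct = ACCOUNTS.get(user)
    if acct is None:
        # Hash anyway so unknown users take about as long as known ones.
        _hash(password, b"\0" * 16)
        return False
    return hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"])

def authorize(user, path, want):
    """Decide access rights from permission bits; want is 'r', 'w' or 'x'."""
    f = FILES[path]
    if user == f["owner"]:
        bits = {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR}
    else:
        bits = {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH}
    return bool(f["mode"] & bits[want])

def access(user, password, path, want):
    # Identity is checked first; rights are checked separately afterwards.
    if not authenticate(user, password):
        return "denied: authentication failed"
    if not authorize(user, path, want):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    p = "/home/alice/notes.txt"
    print(access("bob", "tr0ub4dor&3", p, "r"))
    print(access("bob", "tr0ub4dor&3", p, "w"))
```

With mode 0644, bob authenticates successfully and may read the file, but his write request is refused at the authorization step.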
Created January 29, 2006.