(2) Verifying the identity of a user logging into a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client. The latter is important in wireless networks to ensure that the desired network is being accessed. See identity management, identity metasystem, OpenID, human authentication, challenge/response, two-factor authentication, password, digital signature, IP spoofing and biometrics.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are widely used to identify a user, but only verify that somebody knows the password.
2 - What You Have
Digital certificates in the user's computer add more security than a password, and smart cards verify that users have a physical token in their possession, but both laptops and smart cards can be stolen.
3 - What You Are
Biometrics such as fingerprints and iris recognition are more difficult to forge, but you have seen such systems fooled in the movies all the time!
4 - What You Do
Dynamic biometrics such as handwriting a signature and voice recognition are the most secure; however, replay attacks can fool the system.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.