What is the need of Authentication in Information Security?


Authentication is the process of checking whether a user, entity, or device is who it claims to be. In other words, it combines identification and verification. Authentication factors fall into three categories, which are as follows −

  • The knowledge factors − Something the user knows, such as a password, passphrase, personal identification number (PIN), challenge response, or pattern.

  • The ownership factors − Something the user has, such as a wrist band, ID card, security token, cell phone with a built-in hardware token, software token, or cell phone holding a software token.

  • The inherence factors − Something the user is or does, such as a fingerprint, retinal pattern, DNA sequence, signature, face, voice, unique bio-electric signals, or another biometric identifier.

Most organizations used their first web applications to offer generally available data over the public Internet, intranets, and extranets. Managing and securing corporate web resources successfully has become a more difficult challenge as Internet use has matured.

Organizations that require their employees to access their intranets remotely through the web, or that need to automate their supply chains through extranets, should consider the security and administration concerns that are unique to these situations.

Organizations are supporting Web-based access to confidential data. In these configurations, internal and external users with differing needs and permissions should be able to access several resources hosted on the corporate intranet, and each user should be able to access only the data for which they are authorized.

Adding to the complexity of the issue, only some organizations have the luxury of building their data systems from scratch. Most organizations need tools that can blend new technology with their current systems to secure all resources and applications accessed through the Web.

There are several key requirements that should be met in order to handle data securely on a corporate intranet. First, the identity of an individual wanting to access the intranet must be authentic.

Authentication is the procedure of checking that a requester has been issued a unique identifier and knows the secret (for instance, a password or PIN) that is associated with that identifier.
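The check described above, as an added example that is not part of the original article: an identifier is issued, a salted scrypt verifier of the secret is stored against it, and a login succeeds only when both match. The `CredentialStore` class, its method names, and the scrypt cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this example)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def _derive(secret: str, salt: bytes) -> bytes:
    """Derive a verifier from the secret; the secret itself is never stored."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt, **SCRYPT)

class CredentialStore:
    """Hypothetical in-memory store: identifier -> (salt, verifier)."""

    def __init__(self):
        self._records = {}
        # Dummy record so an unknown identifier costs the same work as a known one.
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_hash = _derive(secrets.token_hex(16), self._dummy_salt)

    def issue(self, identifier: str, secret: str) -> None:
        """Issue a unique identifier and bind a secret to it."""
        if identifier in self._records:
            raise ValueError("identifier already issued")
        salt = secrets.token_bytes(16)
        self._records[identifier] = (salt, _derive(secret, salt))

    def revoke(self, identifier: str) -> None:
        """Remove the entry, e.g. when an employee leaves the company."""
        self._records.pop(identifier, None)

    def authenticate(self, identifier: str, secret: str) -> bool:
        known = identifier in self._records
        salt, expected = self._records.get(
            identifier, (self._dummy_salt, self._dummy_hash))
        candidate = _derive(secret, salt)
        # Constant-time comparison; 'known' is applied after the same work is done.
        return hmac.compare_digest(candidate, expected) and known

if __name__ == "__main__":
    store = CredentialStore()
    store.issue("alice", "constructed-sample-secret")  # constructed sample data
    print(store.authenticate("alice", "constructed-sample-secret"))
    print(store.authenticate("alice", "wrong-secret"))
    print(store.authenticate("mallory", "constructed-sample-secret"))
```
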

This procedure becomes complex when employees or business partners access data from several computers and, often, from remote locations over the Internet. Users must be able to authenticate from a Web browser or a wireless device (mobile phone or PDA), with no client application requirements.

Moreover, there are often thousands of Web servers in a large enterprise, and users require access privileges for each server they access. This can lead to issues such as users having to remember passwords for several servers, administrators having to manage the access controls for every single server, and several independent entries having to be added or deleted when a user’s access privileges change or when employees join or leave the company.

Updated on: 11-Mar-2022
