As noted above, authentication is a means of proving your identity, and is based on what you have, what you know, and what you are. Basic authentication mechanisms typically require a person to present one of these to a gatekeeper system, which verifies that the presented credential matches the information in its database.
These systems may be password systems, basic biometric systems, or keycard systems. Each has a fault: relying on only one factor leaves a weakness in the scheme. These weaknesses are:
- What you know: Even if you choose a good password, the gatekeeper ultimately holds the same secret you do (or a hash of it that can be attacked offline). Someone who compromises the gatekeeper's database can pretend to be you.
- What you have: Something you have can be taken. Until you report it stolen, anyone holding it can pretend to be you.
- What you are: Biometrics cannot be changed. If someone copies your fingerprints, they can pretend to be you forever; there is no equivalent of choosing a new password.
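As an added example (not part of the original article), the following Go program shows what a compromised password database gives an attacker even when the gatekeeper stores salted SHA-256 hashes rather than the passwords themselves: the guessing moves offline, where no lockout or rate limit applies, and a recovered password passes the gatekeeper's own login check. The user names, salts, passwords and wordlist are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// record is one row of the gatekeeper's credential table: a per-user salt and
// SHA-256(salt || password). The password itself is not stored.
type record struct {
	user string
	salt string
	hash string
}

// hashPassword is the gatekeeper's (deliberately fast, and therefore weak)
// password hashing scheme.
func hashPassword(salt, password string) string {
	sum := sha256.Sum256([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// stolenTable is what the attacker walked away with after compromising the
// gatekeeper's database (constructed sample data).
var stolenTable = []record{
	{"alice", "k3Qz", hashPassword("k3Qz", "correct horse battery staple")},
	{"bob", "9fLp", hashPassword("9fLp", "sunshine")},
}

// wordlist is a tiny stand-in for a real cracking dictionary (constructed).
var wordlist = []string{"password", "letmein", "sunshine", "qwerty"}

// crackOffline tries every dictionary word against every stolen record.
// No network traffic and no lockouts: the gatekeeper is not involved at all.
func crackOffline(table []record, words []string) map[string]string {
	found := map[string]string{}
	for _, r := range table {
		for _, w := range words {
			if hashPassword(r.salt, w) == r.hash {
				found[r.user] = w
				break
			}
		}
	}
	return found
}

// gatekeeperLogin is the legitimate check. Once a password has been recovered
// offline, the attacker passes it exactly as the real user would.
func gatekeeperLogin(table []record, user, password string) bool {
	for _, r := range table {
		if r.user == user {
			got := hashPassword(r.salt, password)
			return subtle.ConstantTimeCompare([]byte(got), []byte(r.hash)) == 1
		}
	}
	return false
}

func main() {
	cracked := crackOffline(stolenTable, wordlist)
	for user, pw := range cracked {
		fmt.Printf("recovered %s's password %q; login succeeds: %v\n",
			user, pw, gatekeeperLogin(stolenTable, user, pw))
	}
	if _, ok := cracked["alice"]; !ok {
		fmt.Println("alice's passphrase is not in this wordlist, but the attacker can keep guessing offline indefinitely")
	}
}
```

A slow, memory-hard password hash (bcrypt, scrypt or Argon2) raises the cost of each guess but does not change the picture: the whole dictionary can still be tried against the stolen table without the gatekeeper ever noticing.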
Strong authentication schemes will not only incorporate two or more basic authentication mechanisms, but will be based around challenge/response. The gatekeeper challenges the user, who must prove that they know enough to generate a valid response. An example is RSA authentication in ssh. The user must have a key and know its passphrase. The gatekeeper holds only the public half of the key, and the user proves, through public key cryptography, that they have access to the private key: the challenge can only be answered with the private half, and the answer is checked with the public half. Note that the passphrase is enforced only on the user's side, where it decrypts the private key file; it is never sent to the gatekeeper. A compromise of the gatekeeper's database therefore yields neither the passphrase nor anything that can answer a future challenge.
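The exchange described above, as an added example that is not part of the original article and is not ssh's own implementation: a gatekeeper that stores only public keys issues a random nonce, the user signs it with the private key (RSA-PSS over SHA-256 is the assumed signature scheme), and the gatekeeper verifies the signature against the enrolled public key. The names alice and mallory, the 2048-bit keys and the one-shot nonce bookkeeping are assumptions for the demonstration; the program also checks the two failures a practitioner wants to see rejected, a replayed response and an impostor who holds the gatekeeper's public key but not the private key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Gatekeeper stores only public keys, plus each unanswered challenge, so that a captured response cannot be replayed.
type Gatekeeper struct {
	pubkeys     map[string]*rsa.PublicKey
	outstanding map[string][]byte
}

// Enroll records the user's public half; the private half never leaves the user.
func (g *Gatekeeper) Enroll(user string, pub *rsa.PublicKey) { g.pubkeys[user] = pub }

// Challenge issues a fresh 256-bit random nonce for the user to sign.
func (g *Gatekeeper) Challenge(user string) ([]byte, error) {
	if _, ok := g.pubkeys[user]; !ok {
		return nil, fmt.Errorf("unknown user %q", user)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	g.outstanding[user] = nonce
	return nonce, nil
}

// Verify accepts the response only if it is a valid RSA-PSS signature, under the enrolled public key, over the nonce most recently issued to this user.
func (g *Gatekeeper) Verify(user string, response []byte) bool {
	nonce, ok := g.outstanding[user]
	if !ok {
		return false // never challenged, or the challenge was already consumed
	}
	delete(g.outstanding, user) // each challenge may be answered exactly once
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPSS(g.pubkeys[user], crypto.SHA256, digest[:], response, nil) == nil
}

// Client holds the private key. In ssh it sits in a passphrase-protected file that is unlocked locally; the passphrase is never sent to the gatekeeper.
type Client struct{ priv *rsa.PrivateKey }

// Respond proves possession of the private key by signing the challenge.
func (c *Client) Respond(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, c.priv, crypto.SHA256, digest[:], nil)
}

// Authenticate runs one full exchange; the response is returned too so a caller can try to replay it.
func Authenticate(g *Gatekeeper, user string, c *Client) (bool, []byte, error) {
	nonce, err := g.Challenge(user)
	if err != nil {
		return false, nil, err
	}
	response, err := c.Respond(nonce)
	if err != nil {
		return false, nil, err
	}
	return g.Verify(user, response), response, nil
}

// Demo covers the three cases that matter: the legitimate user, a replay of a captured
// response, and an impostor who stole the gatekeeper's database (hence the public key) but not the private key.
func Demo() (legit, replay, impostor bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size for the demo
	if err != nil {
		return
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	g := &Gatekeeper{pubkeys: map[string]*rsa.PublicKey{}, outstanding: map[string][]byte{}}
	g.Enroll("alice", &alice.PublicKey)
	legit, captured, err := Authenticate(g, "alice", &Client{priv: alice})
	if err != nil {
		return
	}
	if _, err = g.Challenge("alice"); err != nil { // fresh nonce, so the captured answer is stale
		return
	}
	replay = g.Verify("alice", captured)
	impostor, _, err = Authenticate(g, "alice", &Client{priv: mallory})
	return
}

func main() {
	legit, replay, impostor, err := Demo()
	fmt.Println("legitimate:", legit, "replay:", replay, "impostor:", impostor, "err:", err)
}
```

Contrast this with the password case: an attacker who copies this gatekeeper's table gets alice's public key, which is enough to verify responses but not to produce one.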