To continue with this content, please log in with your Data Access ID or create a new account.
Cancel Data Access ID
You may not be authorized to see this content. Please contact Data Access Europe for more information.
Cancel Data Access Europe
You are not authorized to see this content.
Cancel Data Access Europe
Next lesson:
Authentication Passcode Storage

Security the Basics

Lesson 14: Authentication - Overview

The entire point of logging into a system is to establish the identity of a user. This is usually achieved with the use of a username or email address. Identities in software are used to control access and to establish accountability. 

Identities, such as just an email address, are not secret, so it is easy to impersonate someone to commit fraud.  Authentication is when a user proves their identity. Authentication is achieved with a secret code or password. A key, such as a smart card, can be used, or a bio-metric property, such as a fingerprint. 

Application security is very difficult because there is always a trade off between usability and security. There is never a single, perfect, one-size-fits-all solution for authentication. For example, a key card is secure enough for allowing entry into a shared office but is insufficient for gaining access to a vault or high-security lab. 

If a developer does not want to do any authentication, they have the option of delegating it to other systems such as active directory, client certificates, or using OAuth2, which allows other applications to authenticate the user.