Friday, 20 February 2009

Let me ask you one simple question:

“Do you know the difference between Identity and Authentication?” This can be quite a hard question to answer, but put simply, identity is the state or fact of being the same one as described, whereas authentication is to establish as genuine the facts presented. Clear as mud, I'm sure!

So here's an example to help you: James Brown has a key to unlock and drive his car. The car can be unlocked as he approaches it, but only by his key. However, if Joe loses his key in the car park, whoever finds it has the ability to unlock and drive that car, and could even copy that key. What has happened here is that the key provides an identity the car recognises, or "fact of being the same." The car has no way of questioning the validity of the user making the request.

Can you imagine if all you had for your bank account was your cash card, or if all you needed to log on to your laptop was a username? This is why PINs and passwords are used to form part of the authentication process, but all too often we make them useless by simplifying them, writing them down or even letting others know them!

This is why two-factor authentication is not only becoming increasingly popular but standard for a growing number of industries and organisations serious about authentication. So if James Brown's laptop that was in the back of his car was protected with 2FA, the 'new owner' would have to know his user name, PIN and have his password token to 'be him' in order to authenticate to the server.
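The laptop scenario above, as an added example that is not code from the original post: an identity-only check (the car key) beside a check that also requires the PIN and the current token code. The account data and function names are constructed, and the "password token" is assumed to be an RFC 6238 time-based one-time code, which the post does not specify.

```python
import hashlib
import hmac
import struct

# Constructed sample account; every value here is made up for the example.
TOKEN_SEED = b"constructed-seed-123"   # secret shared between server and token
PIN_SALT = b"constructed-salt"
USERS = {
    "jbrown": {
        "pin_hash": hashlib.pbkdf2_hmac("sha256", b"4921", PIN_SALT, 100_000),
        "seed": TOKEN_SEED,
    }
}

def totp(seed, now, step=30, digits=6):
    """RFC 6238 time-based one-time code (HMAC-SHA1, dynamic truncation)."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def identity_only(username):
    """The car key: whoever presents the identifier is accepted."""
    return username in USERS

def authenticate(username, pin, code, now):
    """Identity claim plus two factors: the PIN and the current token code."""
    user = USERS.get(username)
    if user is None:
        return False
    pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), PIN_SALT, 100_000)
    pin_ok = hmac.compare_digest(pin_hash, user["pin_hash"])
    # Accept the current 30 s window and the previous one to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(totp(user["seed"], now - drift), code)
        for drift in (0, 30)
    )
    return pin_ok and code_ok
```

Whoever finds the laptop and the token can produce a valid code, but without the PIN `authenticate` still returns `False`, whereas `identity_only` accepts anyone who knows the user name.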

The benefits of authentication over identity are clear.


Copyright 2009 Jason Hart.