The authentication refers to the verification of identity on an informatic system to access to a platform. This verification is made through an identification, commonly with a username and a password: the user ID. The creation of the identification on a system is requiring several information and acceptation from the user like:
- first name and last name,
- email address and/or personal address
- date of birth,
- creation of a password,
- agreement to the terms and conditions.
Authentication is a process to secure a network. The user ID is part of one kind of authentication factors. An authentication factor is “data or attribute that can be used to authenticate a user requesting access to a system” according to Search Security. They are knowledge, possession and inheritance information:
- Knowledge factor: something the user knows to log in (a password, a username or a PIN)
- Possession factor: something the user has, to recognize its identity (ID cards, security badge)
- Inheritance factor: something the user is biologically related to (fingerprint, voice recognition, face recognition)
An authentication is not an authorisation, the distinction between the two words is often misunderstood. The authorisation is a process that gives the right to access to a platform; it “is a process by which a server determines if the client has permission to use a resource or access a file” says Boston University TechWeb.
It is important to make a clear distinction between the two processes: “authentication is the process of validating the identity of a registered user before allowing access to the protected resource, authorization is the process of validating that the authenticated user has been granted permission to access the requested resources” – Search Security. However, when a user ID is confirmed, the authorization to a platform is not certain.
Furthermore, it is regularly advised to choose a different password for each platform to reduce the chance of cyber-attacks. The evolution of connected devices through the IoT is increasing the risk of a data breach. The devices are communicating data to each other thanks to the sensors they are equipped with. It means that a device can be connected thanks to another one without an authorisation. The hacking opportunity is high because IoT devices are not always designed to anticipate potential threats.
The security of identity is becoming a serious issue with the digitalisation of things. The European project IOTnuggets aim to “prepare experts in data and security protection within the IoT ecosystem“. The project is covering a framework on authentication within a training course. You can have further information on http://iotnuggets.unibit.bg/.
Learning how to protect its identity is fundamental concerning the evolution of European societies through digitalisation. The European Digital Learning Network is concern about this topic and will share diverse content about it to raise the consciousness of European on www.dlearn.eu.