Proving you are who you say you are
In the world of cybersecurity, authentication means using some means to identify yourself so that you can access a computing system. Essentially, proving you are who you say you are to do work or other activities on it. Authentication also helps us, cybersecurity folks, to make sure that we can track who is using the systems and what they are doing with them.
There are several ways to authenticate to a system; we think of them as using one or a combination of three types of information:
Something you are
Something you know
Something you have
Multi-facter Authentication (MFA)
To provide a little more depth, a fingerprint, retinal scan, or perhaps voice recognition are examples of “something you are.” Something you know would be a password, passphrase, pin, or even a pattern in a group of images. An example of what you have could be a token of some sort or an ID with a chip specifically designed to pass certain information to a reader. Each method is a way to prove you are who you say you are. Your debit card and pin are examples of something you have (your debit card) and something you know (your pin).
A single one by itself is more vulnerable than if you use more than one method. Using more than one authentication type is called Multi-Factor Authentication, or MFA. An excellent example of this would be when you use a password AND a unique ID (we like and use Yubikey) to access a computer system. In that case, you would be using both something you know and something you have. It is a lot harder to fake both simultaneously than it is to fake just one.
In some situations, you must go through a battery of access methods that use all three scenarios, sometimes more than once, to allow you access.
Why do we need it?
Why do we need all of this to get into a computer for work or play? That’s a good question.
Many computing devices connect to our home network through a router and Wi-Fi or cable modem to the Internet. The Internet has a lot of traffic, and quite a bit of that traffic is malicious in intent. There are bad people out there that want to steal your personal information. These people can steal information such as your Social Security number, bank account information, credit information, birth date, et cetera. Others may want to gain access to use your computer to use it to attack others. They can do this because they have researched and found ways to get around the authentication methods used in some cases.
Using strong authentication to protect our systems and data helps to prevent exposure to time-consuming and expensive situations.
Take the time to ensure you and your family or your organization use appropriate methods of authentication. Security doesn’t have to be challenging.