What is authentication? System elements and authentication methods

What is authentication? It is the procedure in which data is checked for authenticity. During verification, the input data is compared with the information stored in the database. Authentication can be performed with a digital signature. Another way is to compare the checksum of a file with the value specified by its author.

Authentication Elements


The identification process involves 5 elements. Here is a list of them:

  • subject;
  • characteristic;
  • system owner;
  • authentication mechanism;
  • access control mechanism.

The subject is the person who is trying to log in. The authentication code he knows is his characteristic. The authentication mechanism checks the password, and the access control mechanism is the process that lets the user in. If the entered data does not match, authentication fails.

It is easy to understand how the elements work from the example of withdrawing money from an ATM. The subject is the person who wants to receive money; the characteristic is his bank card and personal ID. The owner is the bank itself, which uses its own authentication mechanism to verify the data. It analyzes the card and the bank's customer ID, as well as the entered password and PIN code. If everything matches, the user receives permission to perform banking actions. This is access control. As a result, the card owner successfully withdraws the required amount of money if the PIN and password are correct.

Electronic signature

There are several types of electronic signatures:

  • simple electronic signature;
  • qualified signature;
  • unqualified signature.

A qualified signature is distinguished by having a certificate in which the verification key is indicated. It is obtained as a result of a cryptographic transformation of the information and makes it possible to determine the owner of the document. It also helps to detect any changes in the document (even if they were made after verification).

An unqualified signature identifies a person by key, and with its help any changes can be tracked. The main difference from the previous type is the absence of a certificate and of legal recognition.

A simple electronic signature is created through the use of codes and passwords; it identifies a specific person.

Reusable passwords

The process of using reusable passwords is as follows:

  • access is requested and the access data is entered;
  • the service processes this data and compares it with the stored reference;
  • if everything matches, the system lets the subject through to the next page; otherwise the subject returns to the first step and repeats the actions.

The reference password is stored on the server, as a rule, without cryptographic transformation. Anyone who gains access to it can easily get to confidential information.

According to GOST 28147-89, a 256-bit key must be used. This combination of characters is selected using a pseudo-random number generator. A common mistake many users make is using words from a dictionary. If such a code is not changed for a long time, an attacker finds it by simple exhaustive search.
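The password check described above, with the reference stored in plaintext next to a salted, slow-hashed form, as an added example that is not part of the original article. The function names, the sample account and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor; assumed value, tune for your hardware

# Weak: the reference password itself sits in the table (constructed sample data).
plaintext_db = {"alice": "correct horse battery"}


def check_plaintext(user: str, attempt: str) -> bool:
    # Anyone who can read plaintext_db already has every password.
    return plaintext_db.get(user) == attempt


def enroll(password: str) -> dict:
    """Build the stored record: a random salt and a derived key, never the password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "key": key}


def check_hashed(db: dict, user: str, attempt: str) -> bool:
    """Re-derive the key from the attempt and compare in constant time."""
    record = db.get(user)
    if record is None:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(derived, record["key"])


# Hardened: a reader of this table gets salts and derived keys only.
hashed_db = {"alice": enroll("correct horse battery")}
```

With the hardened table, a dictionary word is still guessable offline, but each guess costs a full key derivation per account instead of a string comparison.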

One-time passwords

One-time passwords are often used in two-step authentication. Their advantage over reusable passwords is that it is more difficult for an attacker to get into the system. The essence of the One Time Password method is that a new code is required for each login. There are three technologies:

  1. Pseudo-random number generation.
  2. Time-synchronized system. This method is based on generating random numbers over time. When the subject requests access, he needs to enter a PIN code and a random number. This data is compared with the information stored in the database.
  3. A single database of passwords shared by the person and the system. Each password can be used only once and is difficult to intercept.

SMS Authentication

This method provides effective protection against hacking. It relies on a one-time code. The main advantage is that the verification key is sent over a separate channel. What is SMS authentication? It can be understood from an example of how the process works:

  1. A person enters his login name and password.
  2. He receives an authentication key as a text message to the specified phone number.
  3. He enters it in the appropriate field.
  4. The program checks that the codes match.

Sometimes security is enhanced by also requiring a PIN code. This method is common in banking operations, where the bank needs to protect its client.
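The four steps above seen from the server's side, as an added example that is not part of the original article. The names, the five-minute lifetime and the three-attempt limit are assumptions; delivery through an SMS gateway is left out, and the code is simply returned to the caller.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300     # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3   # guesses allowed per code (assumed policy)


class SmsChallenge:
    """Server-side state for one login that is waiting for its SMS code."""

    def __init__(self, code: str, now: float):
        # Keep only a digest, so a read of the session store does not reveal the code.
        self.digest = hashlib.sha256(code.encode()).digest()
        self.expires = now + CODE_TTL
        self.attempts = 0
        self.used = False

    def verify(self, submitted: str, now: float) -> bool:
        if self.used or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False  # spent, expired or locked: a new code must be issued
        self.attempts += 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, self.digest):
            self.used = True  # one-time: the same code never works twice
            return True
        return False


def issue_challenge(now: float):
    """Step 2: draw a 6-digit code from the OS CSPRNG; the caller sends it by SMS."""
    code = f"{secrets.randbelow(10**6):06d}"
    return code, SmsChallenge(code, now)
```

Without the attempt limit a six-digit code can be guessed by trying all one million values, so the limit and the expiry matter as much as the randomness of the code.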

Biometrics

One way to protect the user almost 100% against interception of his password and data loss is to use biometrics. It identifies the user by his unique characteristics. The following list contains the most commonly used biometric attributes:

  1. Fingerprints. The fingerprint scanner is small in size and easy to use.
  2. When it is impossible to scan fingerprints, the geometry of the hand is analyzed. The biological repeatability of this method is much higher than that of the previous one, but still extremely small and amounts to only 2%.
  3. The retina is a very effective means of identifying a person. This is the most accurate option used in modern human identification systems.
  4. Using a condenser microphone and a sound card, you can analyze the voice of the speaker and establish his identity. The probability of error is no more than 5%. Verification by voice is carried out over telephone communication channels.
  5. Tracking the speed of typing on the keyboard is rarely used for identification, but it helps filter the results.
  6. Handwritten signature control. The set of handwritten characters is analyzed. Graphic digitizer tablets are used to identify the person.

Biometric verification is a relatively new direction; it is used in smart payment cards. The method will be used in stores of a new format, which do not provide for direct payment by card or cash.

What biometric authentication is can be understood from the following examples. To make a purchase, the customer needs to put a finger on the scanner. Another option involves spectral analysis of the buyer's face. He enters the store, the camera takes a picture of him, and when he leaves the store, money is withdrawn directly from his balance. The purchase is carried out without the use of any payment instruments.

Location

What is location authentication? The method is used in conjunction with other methods of establishing a person's identity. It is one of the common methods of authentication when connecting to Wi-Fi. The most popular ways to identify by geographical location:

  • GPS;
  • Internet access point.

It is not possible to prove the authenticity of a remote user by location, but it helps to avoid hacking. For example, the user receives a message that someone is logging in from an unusual place. The person can then control the situation: block the account or allow access. The GPS sensor sends multiple signals, so the user's location is determined quite accurately.

The second method resembles the first, but the mechanism is based not on satellites but on wireless access points.

Multi-factor authentication

The method combines several factors, which greatly increases the security of the system. An example is the advanced protection in some laptops: code entry is required, location is tracked, and two-step authentication is used. If something does not match, the person is identified using the verification code sent to the mobile phone.

Authentication Error: What to do

Errors occur both when logging in to a site and when connecting to Wi-Fi. Using identification in a wireless network as an example, problems mainly appear in two cases:

  • encryption type mismatch;
  • incorrectly entered key.

If a person enters the login-password pair incorrectly, he receives the message “No data for your authentication” or other text. The text will always be similar in meaning to this one. If the user is sure that his username and key match the real ones, the problem should be looked for in the encryption type. This parameter is configured directly in the settings of the router.

Source: https://habr.com/ru/post/C19379/

