What is currently the most common way to authenticate users on private and public computer networks?

There is a growing demand for different types of user authentication technologies for both online and in physical systems. The motivation to authenticate users ranges from access control reasons to business development purposes like adding e-commerce elements.

Organizations need to understand that passwords are not the only way to authenticate users. There is a wide variety of authentication technologies and an even greater range of activities that require authentication methods.

What Is Authentication?

Authentication is the process of identifying users that request access to a system, network, or device. Access control often determines user identity according to credentials like username and password. Other authentication technologies like biometrics and authentication apps are also used to authenticate user identity.

Why Is User Authentication Important?

User authentication is a method that keeps unauthorized users from accessing sensitive information. For example, User A only has access to relevant information and cannot see the sensitive information of User B. 

Cybercriminals can gain access to a system and steal information when user authentication is not secure. The data breaches companies like Adobe, Equifax, and Yahoo faced are examples of what happens when organizations fail to secure their user authentication. 

Hackers gained access to Yahoo user accounts to steal contacts, calendars and private emails between 2012 and 2016. The Equifax data breach in 2017 exposed credit card data of more than 147 million consumers. Without a secure authentication process, any organization could be at risk.

5 Common Authentication Types

Cybercriminals always improve their attacks. As a result, security teams are facing plenty of authentication-related challenges. This is why companies are starting to implement more sophisticated incident response strategies, including authentication as part of the process. The list below reviews some common authentication methods used to secure modern systems.

1. Password-based authentication

Passwords are the most common methods of authentication. Passwords can be in the form of a string of letters, numbers, or special characters. To protect yourself you need to create strong passwords that include a combination of all possible options. 

However, passwords are prone to phishing attacks and bad hygiene that weakens effectiveness. An average person has about 25 different online accounts, but only 54% of users use different passwords across their accounts. 

The truth is that there are a lot of passwords to remember. As a result, many people choose convenience over security. Most people use simple passwords instead of creating reliable passwords because they are easier to remember. 

The bottom line is that passwords have a lot of weaknesses and are not sufficient in protecting online information. Hackers can easily guess user credentials by running through all possible combinations until they find a match.

2. Multi-factor authentication

MFA authentication methods and technologies increase the confidence of users by adding multiple layers of security. MFA may be a good defense against most account hacks, but it has its own pitfalls. People may lose their phones or SIM cards and not be able to generate an authentication code.

3. Certificate-based authentication

Certificate-based authentication technologies identify users, machines or devices by using digital certificates. A digital certificate is an electronic document based on the idea of a driver’s license or a passport. 

The certificate contains the digital identity of a user including a public key, and the digital signature of a certification authority. Digital certificates prove the ownership of a public key and issued only by a certification authority. 

Users provide their digital certificates when they sign in to a server. The server verifies the credibility of the digital signature and the certificate authority. The server then uses cryptography to confirm that the user has a correct private key associated with the certificate.

4. Biometric authentication

Biometrics authentication is a security process that relies on the unique biological characteristics of an individual. Here are key advantages of using biometric authentication technologies:

• Biological characteristics can be easily compared to authorized features saved in a database. 
• Biometric authentication can control physical access when installed on gates and doors. 
• You can add biometrics into your multi-factor authentication process.

Biometric authentication technologies are used by consumers, governments and private corporations including airports, military bases, and national borders. The technology is increasingly adopted due to the ability to achieve a high level of security without creating friction for the user. Common biometric authentication methods include:

• Facial recognition—matches the different face characteristics of an individual trying to gain access to an approved face stored in a database. Face recognition can be inconsistent when comparing faces at different angles or comparing people who look similar, like close relatives. Facial liveness like ID R&D’s passive facial liveness prevents spoofing.
• Fingerprint scanners—match the unique patterns on an individual’s fingerprints. Some new versions of fingerprint scanners can even assess the vascular patterns in people’s fingers. Fingerprint scanners are currently the most popular biometric technology for everyday consumers, despite their frequent inaccuracies. This popularity can be attributed to iPhones.
• Speaker Recognition —also known as voice biometrics, examines a speaker’s speech patterns for the formation of specific shapes and sound qualities. A voice-protected device usually relies on standardized words to identify users, just like a password.
• Eye scanners—include technologies like iris recognition and retina scanners. Iris scanners project a bright light towards the eye and search for unique patterns in the colored ring around the pupil of the eye. The patterns are then compared to approved information stored in a database. Eye-based authentication may suffer inaccuracies if a person wears glasses or contact lenses.

Digital authentication is the process of verifying that users or devices are who or what they claim to be in order to enable access to sensitive applications, data and services. There are multiple ways to verify electronic authenticity. Here's an outline of the most popular digital authentication methods in the enterprise today.

Unique passwords. When most of us think of authentication, using a unique username and password combination likely comes to mind. In the enterprise, passwords remain the most common digital authentication method. User or devices typically have their own username that is not secret. This username is combined with a unique and secret password known only by the users or devices to access company data, applications and services. While the unique password authentication method works, it can become burdensome to end users due to the sheer number of passwords they must manage. This is one reason why technologies such as single sign-on (SSO) have become so popular. With SSO, users must only remember a single secret password that will authenticate them and allow access to multiple corporate services.

Preshared key (PSK). A PSK is a password that is only shared among users or devices that are authorized to access the same resources. The most common example of PSK use within the enterprise is during Wi-Fi authentication. A PSK is often used to allow employees to gain access to the corporate network. However, because the password is shared, it is considered less secure than individual password alternatives.

Biometric authentication. The use of biometrics to verify users is growing in popularity. Fingerprints and facial recognition are two popular methods used today. Other methods include hand geometry, retina and iris scans, voice recognition and signature-based analysis. It has become common for devices such as smartphones, tablets and PCs to incorporate biometric technologies into their hardware for digital authentication purposes.

Two-factor authentication (2FA). 2FA takes the process of a standard username and unique secret password and applies a second layer of verification. This second layer in 2FA may include a text message sent to a specific mobile phone number when access is granted, the use of hardware and software tokens, biometric authentication or push notifications to the user.

While the unique password authentication method works, it can become burdensome to end users due to the sheer number of passwords they must manage.

Behavioral authentication. Behavioral biometric authentication is a more complex method for verifying users. This authentication method is commonly implemented in highly sensitive businesses deals. Behavioral biometric verification can involve analyzing keystroke dynamics or mouse-use characteristics. To verify a user or machine, AI analyzes user data or a device's typical computing behavior. If that behavior veers outside of predefined baselines, it triggers a lockdown of what that user or device is authorized to access.

Device recognition. Endpoint security management platforms can be implemented that recognize authorized hardware and immediately allow them access to certain network resources. This type of authentication is most used in companies with BYOD policies. It is an added precaution to ensure that only devices that are deemed appropriate can connect to the network.