Name: Tooba Khan ROLL NUMBER: CPED-13-2017 Subject: Computer Network and Security Topic: User Authentication
• Authentication is the process of determining whether someone or something is, in fact, who or
what it declares itself to be. Authentication technology provides access control for systems by
checking to see if a user's credentials match the credentials in a database of authorized users or in
a data authentication server.
DIFFERENT TYPES OF USER AUTHENTICATION
• Two-factor authentication
• Multifactor authentication
• One-time password
• Three-factor authentication
• Biometrics
• Mobile authentication
• Continuous authentication
• API authentication
• HTTP basic authentication
• API key authentication
• Open Authorization (OAuth)
TWO-FACTOR AUTHENTICATION
• Two-factor authentication adds an extra layer of protection to the process of authentication. 2FA
requires that a user provide a second authentication factor in addition to the password. 2FA
systems often require the user to enter a verification code received via text message on a
preregistered mobile phone, or a code generated by an authentication application.
MULTIFACTOR AUTHENTICATION
• Multifactor authentication requires users to authenticate with more than one authentication
factor, including a biometric factor like fingerprint or facial recognition, a possession factor like
a security key fob or a token generated by an authenticator app.
ONE-TIME PASSWORD
THREE-FACTOR AUTHENTICATION
• Three-factor authentication (3FA) is a type of MFA that uses three authentication factors, usually
a knowledge factor (password) combined with a possession factor (security token) and inherence
factor (biometric).
BIOMETRICS
• While some authentication systems can depend solely on biometric identification, biometrics are
usually used as a second or third authentication factor. The more common types of biometric
authentication available include fingerprint scans, facial or retina scans, and voice recognition.
MOBILE AUTHENTICATION
• Mobile authentication is the process of verifying users via their devices or verifying the devices
themselves. This lets users log into secure locations and resources from anywhere. The mobile
authentication process involves multifactor authentication that can include one-time passwords,
biometric authentication or QR code validation.
CONTINUOUS AUTHENTICATION
• With continuous authentication, instead of a user being either logged in or out, a company's
application continually computes an "authentication score" that measures how sure it is that the
account owner is the individual who's using the device.
API AUTHENTICATION
• The standard methods of managing API authentication are HTTP basic authentication, API keys,
and OAuth.
HTTP BASIC AUTHENTICATION
• The server requests authentication information, i.e., a username and password, from a client.
The client then passes the authentication information to the server in an authorization header.
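The exchange described above, as an added Python example that is not part of the original slides: the server's 401 challenge, the client's Authorization header, and server-side parsing and verification. The user name, password, realm, salt and iteration count are constructed values chosen for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample account store: username -> (salt, PBKDF2-SHA256 hash).
_SALT = b"constructed-salt"
ITERATIONS = 100_000

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

USERS = {"alice": (_SALT, _hash("s3cret:with:colons", _SALT))}

def challenge(realm="example"):
    """What the server sends when credentials are missing or wrong."""
    return 401, {"WWW-Authenticate": f'Basic realm="{realm}", charset="UTF-8"'}

def client_header(username, password):
    """What the client sends back. Base64 is an encoding, not encryption,
    so the header is only as private as the transport (use TLS)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic(header):
    """Return (username, password), or None if the header is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, non-ASCII input and bad UTF-8
        return None
    # Split on the first colon only: passwords may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def authenticate(header):
    """True only if the header carries valid credentials for a known user."""
    creds = parse_basic(header or "")
    if creds is None:
        return False
    username, password = creds
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, expected = USERS.get(username, (_SALT, b"\x00" * 32))
    return hmac.compare_digest(_hash(password, salt), expected)
```

A server would return `challenge()` whenever `authenticate()` is false.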
API KEY AUTHENTICATION
• A first-time user is assigned a unique generated value that indicates that the user is known. Then
each time the user tries to enter the system again, his unique key is used to verify that he is the
same user who entered the system previously.
OPEN AUTHORIZATION (OAUTH)
• It is an open standard for token-based authentication and authorization on the internet. OAuth
allows a user's account information to be used by third-party services, such as Facebook, without
exposing the user's password. OAuth acts as an intermediary on behalf of the user, providing the
service with an access token that authorizes specific account information to be shared.