masquerading
Definition(s):
A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity. See NISTIR 7298 Rev. 3 for additional details.

What is user authentication?
User authentication verifies the identity of a user attempting to gain access to a network or computing resource: the user presents credentials (a human-to-machine transfer) and the system checks them before granting access. Authentication establishes who the user is; whether that user is then allowed to perform a given action is the separate question of authorization. The term contrasts with machine authentication, an automated method that does not require user input. Authentication helps ensure only authorized users gain access to a system, which limits the damage an unauthorized user could otherwise do: tampering with systems, stealing information or causing other problems. Almost all human-to-computer interactions -- other than guest and automatically logged-in accounts -- perform a user authentication. It gates access on both wired and wireless networks, to networked and internet-connected systems and resources. A straightforward process, user authentication consists of three tasks:
User authentication can be as simple as requiring a user to type a unique identifier, such as a user ID, along with a password to access a system. It can also be more complex, however -- for example, requiring a user to provide information about physical objects or the environment, or to take an action such as placing a finger on a fingerprint reader.

User authentication methods
The main factors used in user authentication include the following:
Location and time can also serve as factors; they are typically used together, or in conjunction with one of the main factors, rather than on their own:
Single-factor authentication vs. multifactor authentication
Single-factor authentication (SFA) requires verification of one piece of information from a user, such as a password. Because SFA commonly relies on a knowledge factor alone, it cannot stop an attacker who has stolen a user's password from accessing that user's account.

Multifactor authentication (MFA) uses more than one method of authentication to verify the identity of a user. The methods must come from different factor categories to add real strength: a password combined with a security question is still two knowledge factors, and an attacker who has phished or breached one can usually obtain the other the same way. Two-factor authentication (2FA) uses factors from two of the authentication categories, while four-factor authentication (4FA) uses at least one factor from four categories. The latter is considered far more secure because an attacker must compromise several independent things (what the user knows, has and is, plus where and when) rather than one.

Multifactor authentication requires two or more factors to prove identity.

User authentication limitations and improvements
A number of issues affect the security of an authentication system. In addition to the number of factors involved, the specific technologies used and the manner in which they are implemented affect reliability. Well-designed and consistently enforced implementation rules help ensure the security of user authentication. For example, passwords -- among the most vulnerable methods of authentication -- are relatively insecure because attackers can often guess or crack them. To alleviate the problem, several industries and organizations have adopted strong password standards, which require users to create passwords that meet a minimum length and other requirements, such as including at least one number and letter plus a symbol. Composition rules of that kind have since fallen out of favor: NIST SP 800-63B advises verifiers not to impose them, and instead to require a minimum length, allow long passphrases and reject any password that appears on a list of known-compromised passwords.

The ubiquity of mobile devices and cloud computing has greatly affected how enterprises implement authentication. In the past, a simple password authentication system was considered sufficient to keep networks secure.
However, the growing risk of data breaches has made companies reevaluate their authentication strategies. Modern authentication processes should involve more than a single factor, so that a leaked or guessed password is not by itself enough to gain access.
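To make the points above concrete (the identifier-plus-password login, the difference between a lone knowledge factor and a second factor from another category, and the length-plus-blocklist password policy), here is an added Python example; it is not code from the original article or from any product it mentions. It assumes a constructed breached-password list, PBKDF2-HMAC-SHA256 for password storage and a time-based one-time code (TOTP, RFC 6238) as the possession factor; the `Verifier` class, its users and the sample passwords are hypothetical and tied to no real system.

```python
import hashlib
import hmac
import os
import secrets
import struct
import time

# Constructed blocklist for the example. A real deployment would screen against
# a full compromised-credential corpus instead of a handful of entries.
BREACHED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "Password1!"}
_BREACHED_LOWER = {p.lower() for p in BREACHED_PASSWORDS}

PBKDF2_ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256
TOTP_STEP = 30               # seconds per TOTP time step
TOTP_DIGITS = 6


def check_password_policy(password):
    """Return the list of policy violations; an empty list means acceptable.

    Length plus a compromised-password check, not composition rules: a long
    passphrase passes, while a short "complex" password on the blocklist fails.
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if len(password) > 128:
        problems.append("longer than 128 characters")
    if password.lower() in _BREACHED_LOWER:
        problems.append("found in compromised-password list")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def totp(secret, for_time, step=TOTP_STEP, digits=TOTP_DIGITS):
    """RFC 6238 TOTP over HMAC-SHA1, as most authenticator apps compute it."""
    counter = struct.pack(">Q", int(for_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Verifier:
    """Hypothetical verifier: knowledge factor (password) + possession factor (TOTP)."""

    def __init__(self):
        self.users = {}

    def enroll(self, username, password, totp_secret=None):
        problems = check_password_policy(password)
        if problems:
            raise ValueError("rejected password: " + "; ".join(problems))
        salt, digest = hash_password(password)
        # The TOTP secret is provisioned once into the user's authenticator app
        # (typically via a QR code) and never transmitted again.
        secret = secrets.token_bytes(20) if totp_secret is None else totp_secret
        self.users[username] = {"salt": salt, "digest": digest, "totp_secret": secret}
        return secret

    def authenticate(self, username, password, code, now=None):
        """Check both factors; report each so the caller can see why a login failed."""
        now = int(time.time()) if now is None else int(now)
        record = self.users.get(username)
        # Hash even for unknown usernames so response time does not reveal which exist.
        salt = record["salt"] if record else b"\x00" * 16
        _, digest = hash_password(password, salt)
        knowledge_ok = record is not None and hmac.compare_digest(digest, record["digest"])

        possession_ok = False
        if record is not None:
            # Accept the current step and one on either side to absorb clock drift.
            for drift in (-1, 0, 1):
                expected = totp(record["totp_secret"], now + drift * TOTP_STEP)
                if hmac.compare_digest(expected, code):
                    possession_ok = True
        # Only the combination counts: a stolen password alone must not be enough.
        return {
            "knowledge": knowledge_ok,
            "possession": possession_ok,
            "authenticated": knowledge_ok and possession_ok,
        }


if __name__ == "__main__":
    v = Verifier()
    secret = v.enroll("alice", "correct horse battery staple")
    now = int(time.time())
    print(v.authenticate("alice", "correct horse battery staple", totp(secret, now), now))
    # Attacker holding the stolen password but not the authenticator device:
    print(v.authenticate("alice", "correct horse battery staple", "000000", now))
```

The per-factor result is deliberate: an attacker with a breached password gets `knowledge: True, possession: False` and is still refused, which is exactly the case single-factor password login cannot handle. The `totp()` function can be checked against the RFC 6238 test vectors (secret `12345678901234567890`, time 59 gives `287082` at six digits).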
While MFA adds layers of assurance about a user's identity, it is also important not to overburden users with difficult authentication routines; friction leads to workarounds and noncompliance that undermine the purpose of the authentication system in the first place. For instance, MFA that automates the second factor -- a push prompt or a device-bound credential rather than a code the user has to read and type -- can keep security high while minimizing the effort required of the user. MFA is especially important for organizations that offer cloud-based services: a cloud application is reachable from anywhere on the internet, so a password leaked in a breach would otherwise be all an attacker needs. With a second factor in place, a password breach alone does not grant access.
This was last updated in April 2021
What is unauthorized access to a computer system called?
Unauthorized computer access, popularly referred to as hacking, describes a criminal action whereby someone uses a computer to knowingly gain access to data in a system without permission to access that data. Hacking is illegal under both California and federal law, and can result in heavy penalties.
What are the ways used to gain access to a system without authorization?
Five of the most common ways unauthorized physical access occurs, each with its own countermeasures:
- Tailgating
- Door propping
- Levering doors
- Keys
- Access cards

What are the types of unauthorized access?
Six types of unauthorized physical access to know and prevent:
- Tailgating
- Collusion
- Pushing, crawling under or climbing over
- Passbacks
- Fraudulent use of cards
- Door propping

Which attack is used to obtain unauthorized access?
Web application attacks. A web application attack involves cybercriminals exploiting vulnerabilities in the application to gain unauthorized access to databases that contain sensitive information, such as personal or financial data.