Trivia – Authentication
Hello all! Today we will discuss a piece of trivia that is important in cyber security: authentication methods. In previous weeks, our trivia posts were all related to networking 😅 Today's topic is not network-related: it is general information about authentication.
Image source: https://swoopnow.com/user-authentication/
However, before that, we will first define the terms identification, authentication, and authorization in security. As an analogy to make them easier to understand, we will use “logging in to an email account” as the use case.
1. Identification is how the system identifies you or someone else. For example, we type the username of the account, which is “John Doe”.
2. Authentication is how the system verifies that you are the one it identified in the previous phase. For example, when we want to log in to John’s account, we need to type the correct password.
3. Authorization is the system giving us access because it already trusts our identity. For example, after the login to John’s account succeeds, we can access John’s email because the system has authorized us to do so.
Below are common authentication types:
- What do you have? Example: smart card, mobile phone.
- What do you know? Example: password, pattern, PIN.
Image source: https://id.wikipedia.org/wiki/Kata_sandi
- Who are you? Example: biometrics (fingerprint, retina scan).
Image source: https://cyberhoot.com/cybrary/biometrics/
Did you know that fingerprints are more recommended for biometric security than retina scans? The reason is that a retina scan is easier to spoof. Besides that, a person's eye can reveal some private information, such as their diseases. Therefore, to ensure better privacy, fingerprints are more widely used in the industry.
Additional Information
Besides the three authentication methods shown above, there is another authentication method that has not yet become a standard but is already used on several platforms: geolocation.
Using a VPN only changes the IP address and country; the user agent stays the same. Hence, if there is another user agent with a different IP address located in another country, you can conclude that your account is compromised. Besides that, moving to a distant country in a short time will also make the application suspect you, prompting you to log in again with your username and password to verify your identity.
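The two geolocation checks described above can be sketched as detection logic over login events. This is an added example, not code from the original post: the `Login` record, the speed and distance thresholds, the reason names and the sample events are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # assumed threshold, about airliner cruising speed
MIN_KM = 100.0         # assumed: ignore short hops, IP geolocation is imprecise

@dataclass
class Login:
    user: str
    when: datetime
    country: str
    lat: float
    lon: float
    user_agent: str

def distance_km(a, b):
    """Great-circle (haversine) distance between two login locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def assess(prev, cur):
    """Reasons the current login looks suspicious next to the previous one."""
    reasons = []
    km = distance_km(prev, cur)
    hours = (cur.when - prev.when).total_seconds() / 3600
    # A distant location reached faster than any flight could manage.
    if km > MIN_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
        reasons.append("impossible_travel")
    # A VPN changes the country but not the user agent; both changing is the stronger signal.
    if cur.country != prev.country and cur.user_agent != prev.user_agent:
        reasons.append("new_device_new_country")
    return reasons

def review(logins):
    """Return (login, reasons) for every login that should trigger re-authentication."""
    last, flagged = {}, []
    for ev in sorted(logins, key=lambda e: e.when):
        reasons = assess(last[ev.user], ev) if ev.user in last else []
        if reasons:
            flagged.append((ev, reasons))
        last[ev.user] = ev  # simplification: the newest login always becomes the baseline
    return flagged

UA_A, UA_B = "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0", "Mozilla/5.0 (X11; Linux) Chrome/124.0"
SAMPLE = [  # constructed login events, not real data
    Login("john", datetime(2024, 5, 1, 8, 0), "ID", -6.2, 106.8, UA_A),   # Jakarta
    Login("john", datetime(2024, 5, 1, 9, 0), "ID", -6.9, 107.6, UA_A),   # Bandung, 1 h later
    Login("john", datetime(2024, 5, 1, 9, 30), "DE", 52.5, 13.4, UA_A),   # Berlin, 30 min later
    Login("john", datetime(2024, 5, 3, 9, 30), "US", 40.7, -74.0, UA_B),  # New York, new browser
]
```

Calling `review(SAMPLE)` flags the Berlin login for the speed check alone, since the user agent is unchanged, and the New York login for the combined country and user agent change.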





