Identification and authentication are integral to an access control system.
- Identification is the step in which the user or service supplies the system with a user ID, i.e. claims an identity.
- Authentication is the process of verifying that claimed identity for the user or service requesting access.
Both the sender and the recipient can verify that the other is the legitimate party they intend to communicate with. If parties wishing to communicate or exchange information cannot verify each other, trust is compromised, deterring further activity.
Authentication can be based on three types of factor:
- Something only the user knows, such as a PIN.
- An object the user has been granted possession of, such as a smart card.
- Something biometric, such as a fingerprint.
Using Passwords as an Authentication Method
Of the three authentication methods, passwords are the most widely used, though they are also the easiest to compromise, because many users choose passwords that are easy to remember and therefore easy to guess, such as an anniversary or birthday.
There are cases where passwords are only used once (a “one-time” password). These provide the highest level of security because a new password is required for each new log-on.
Users tend to prefer “static” passwords: a password that is created and saved once, then reused for subsequent log-ons. The longer a static password remains unchanged, the higher the probability of it being compromised.
It’s common practice for security administrators to require passwords to be changed regularly, whether every two weeks, quarterly, or after a certain number of log-ins. The frequency of these required changes depends on the level of confidentiality of the data the passwords protect.
Using Tokens as an Authentication Method
Tokens are the second type of authentication method – an object or device the user holds. Tokens are considered to offer a higher degree of security because they are more difficult to access or falsify. They can be credit card-size memory cards, smart cards, or keypad devices that are used to supply static or dynamic passwords.
Smart cards are assigned a personal identification number (PIN), giving the user control over the token. These devices are often used to supply one-time passwords because of their added security. Because a token can be used in conjunction with a password or PIN, it provides a layer of multi-factor security.
Biometrics as an Authentication Method
Biometrics are the third type of authentication method. This form of identity verification relies on a behavioral or physiological characteristic unique to an individual user. Of the three types, biometrics provides the purest means of authentication, but it is also the most expensive.
Biometric systems work by recording physical information that is highly precise and unique to the individual user. Biometrics include factors such as voice recognition, facial scan, iris / retinal scan, fingerprint / palm scans, or any other scans which rely on a physical characteristic of an individual.
Biometric systems offer varying degrees of accuracy, measured by the percentage of Type I and Type II errors a system produces.
- Type I errors, the false rejection rate (FRR), measure the proportion of legitimate, enrolled users that the system wrongly denied access.
- Type II errors, the false acceptance rate (FAR), measure the proportion of unauthorized users that the system mistakenly permitted access.
The two rates trade off against each other: tightening the matching threshold lowers false acceptances but raises false rejections, and loosening it does the reverse. The point at which the Type I and Type II error rates are equal is known as the Crossover Error Rate (CER), and it is the standard single-number measure of a biometric system’s accuracy. The lower the CER, the better.
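The following worked example is added here and is not part of the original article. It assumes a hypothetical biometric matcher that outputs a similarity score from 0 to 100; the genuine and impostor scores are constructed sample data. It sweeps the acceptance threshold, computes FRR (Type I) and FAR (Type II) at each setting, and locates the threshold where the two rates cross, i.e. the CER.

```python
# Added example: compute Type I / Type II error rates for a biometric
# matcher across acceptance thresholds and find the Crossover Error Rate.

# Constructed sample data (hypothetical matcher, scores 0..100).
# "genuine" = enrolled users compared against their own template,
# "impostor" = other people's samples compared against that template.
GENUINE_SCORES = [92, 88, 85, 81, 79, 76, 74, 70, 66, 61, 57, 52]
IMPOSTOR_SCORES = [64, 60, 55, 52, 49, 47, 44, 41, 38, 35, 30, 25]


def false_rejection_rate(genuine, threshold):
    """Type I error (FRR): fraction of legitimate users whose score falls
    below the acceptance threshold and who are therefore denied access."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_acceptance_rate(impostor, threshold):
    """Type II error (FAR): fraction of unauthorized users whose score
    reaches the threshold and who are therefore wrongly admitted."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for one threshold setting."""
    return (false_rejection_rate(genuine, threshold),
            false_acceptance_rate(impostor, threshold))


def crossover_error_rate(genuine, impostor):
    """Sweep every integer threshold and return (threshold, CER) at the
    lowest threshold where FRR and FAR are closest to equal. Raising the
    threshold lowers FAR but raises FRR, so the curves cross exactly once;
    the error rate at that crossing is the CER (lower is better)."""
    best = None
    for t in range(0, 101):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


if __name__ == "__main__":
    for t in (40, 50, 58, 66, 75):
        frr, far = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold {t:3d}: FRR={frr:.3f} FAR={far:.3f}")
    thr, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER={cer:.3f} at threshold {thr}")
```

Comparing two systems by their CER, rather than by FRR or FAR alone, avoids being misled by a vendor that tuned the threshold to make one of the two rates look good.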
Multi-Factor Authentication
Multi-factor authentication is the combination of two or more authentication factors of different types, such as using a token (something the user has) along with a PIN (something the user knows). A user must have both the token device and the PIN for a successful log-on, so compromising either one alone is not enough. Multi-factor authentication boosts system security.