Authentication

Authentication ensures users or devices are known and trusted to access data and resources

Authentication is the process of verifying the identity of a user or validating a connecting device.  Passwords, tokens and shared secrets are used to ensure that a user and/or device has the right to access data and resources on a computer system or network.

What are some examples of authentication tools?

  • Simple username and password.
  • Challenge-response devices, such as an RSA token.
  • 2FA, such as a USB key with a PKI certificate, a mobile device, and a password.
  • Biometric, such as a fingerprint scanner.

Who are the key vendors for authentication?

    • Authentication vendors within the broader “Identity and Access Management’ category have focused solutions:
    • Authentication Solutions: Validate identities for users and consumers. Examples are Callsign, Centrify, Google, Duo
    • IDaaS (Identity as a Service): Cloud service for validating identities of users and consumers. Examples are OneLogin, Okta, and Microsoft
    • Privileged Management: Help control and monitor the access of data and resources of privileged users (those with administrative access to systems). Examples are CyberArk, One Identity, and Beyond Trust.
    • Identity Governance: These solutions help organizations holistically manage the access rights of users across an enterprise. Examples are Sailpoint, SIMEIO, and Help Systems.
    • Consumer Identity: As the category name indicates, these solutions are focused on providing access rights to consumers accessing their services and products. Examples include LoginRadius, Verato, Akamai, and ID.me.

Here are additional resources: