Authentication

What is Authentication?

The process a system uses to confirm the identity of a user, device, or other entity before granting it access to resources. Authentication answers "who are you?"; the separate decision of what that verified identity is allowed to do is authorization. In security testing, the goal is to confirm that the authentication mechanism is reliable, that it cannot be bypassed, and that credentials and session tokens are hard to guess, steal, or replay.

Authentication Factors

The categories of evidence a user can present to prove an identity. They are conventionally grouped into three types, summarized in the table below. Two credentials from the same category (for example, a password and a security question) are still a single factor.

Factor            | Description        | Examples
------------------|--------------------|------------------------------------------------------------
Knowledge factor  | Something you know | Passwords, PINs, security questions
Possession factor | Something you have | Smart cards, OTP tokens, mobile devices
Inherence factor  | Something you are  | Biometrics such as fingerprints, facial recognition, retina scans

Authentication Protocols

Standards that define how authentication information is exchanged between parties over a network. Common protocols include:

  1. OAuth 2.0: An open standard for delegated access (authorization). It issues access tokens that let a client act on a user's behalf against an API. On its own it does not tell the client who the user is; treating possession of an OAuth access token as proof of identity is a common misuse.
  2. OpenID Connect (OIDC): An identity layer on top of OAuth 2.0. It adds an ID token (a signed JWT) that asserts who authenticated, when, and for which client, and it defines the checks a relying party must perform on that token (signature, issuer, audience, expiry, nonce).
  3. SAML (Security Assertion Markup Language): An XML-based standard for exchanging authentication and authorization assertions between an identity provider and a service provider, widely used for enterprise single sign-on.

Types of Authentication

  1. Multi-Factor Authentication (MFA)
    A login process that requires two or more credentials from different factor categories, for example a password (knowledge) and a fingerprint (inherence). An attacker must then compromise more than one independent channel; a stolen password alone is not enough.
  2. Single Sign-On (SSO)
    An arrangement in which one authentication at an identity provider grants access to multiple applications. It improves convenience and lets security controls such as MFA and logging be enforced in one place, but it also concentrates risk: the identity provider account and its sessions become the high-value target.
  3. CAPTCHA
    Completely Automated Public Turing test to tell Computers and Humans Apart. A challenge-response test meant to distinguish a human from an automated client. It is not itself an authentication factor; it is a rate-limiting and anti-automation control that protects login forms against credential stuffing and brute forcing.
  4. Biometric Authentication
    Verification based on a person's physical or behavioral characteristics, such as fingerprints, voice, or facial features (the inherence factor). Biometrics cannot be rotated if the template data leaks, so the matching and template storage are the parts a tester should examine.
  5. Two-Factor Authentication (2FA)
    The special case of MFA that uses exactly two factors from different categories. The most common combination is something you know (a password) with something you have (a one-time code from an authenticator app or hardware token).
  6. Adaptive Authentication
    A risk-based approach that evaluates the context of a login attempt (location, device, network, time, past behavior) and raises or lowers the authentication requirements accordingly, for example demanding a second factor only for an unrecognized device.
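The following is an added example, not code from the original page, showing a two-factor login check that combines a knowledge factor (a password stored with PBKDF2-HMAC-SHA256) and a possession factor (a time-based one-time code computed per RFC 6238, which is what common authenticator apps implement: HMAC-SHA1, 30-second step, 6 digits). The user record, password and clock values are constructed for the example; the TOTP key is the RFC 6238 test secret so the codes can be checked against the published vectors. Beyond what the list above states, it also handles two failure modes a tester looks for: a code being replayed within its validity window, and the server revealing which of the two factors failed.

```python
"""Two-factor login: password (knowledge) + TOTP code (possession). Added example.

Standard library only. The TOTP construction follows RFC 4226/6238.
"""
import base64
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows
TOTP_STEP = 30                # seconds per time step
TOTP_DIGITS = 6


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, derived key) for storage. A fresh random salt per user."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def hotp(key: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(key, at // step, digits)


def matching_step(key: bytes, code: str, at: int, window: int = 1):
    """Return the time step whose code matches, or None.

    Checks one step either side of 'now' to tolerate clock drift, and scans
    the whole window rather than returning early so timing does not reveal
    which step matched.
    """
    hit = None
    current = at // TOTP_STEP
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(key, counter), code):
            hit = counter
    return hit


def enroll(username: str, password: str, totp_key: bytes = None) -> dict:
    """Create a constructed user record. The base32 key is what an authenticator app scans."""
    totp_key = os.urandom(20) if totp_key is None else totp_key
    salt, pw_hash = hash_password(password)
    return {
        "username": username,
        "salt": salt,
        "pw_hash": pw_hash,
        "totp_key": totp_key,
        "totp_key_b32": base64.b32encode(totp_key).decode("ascii"),
        "last_step": -1,  # highest TOTP step already accepted; blocks replay
    }


def login(user: dict, password: str, code: str, at: int) -> bool:
    """Accept only when both factors verify and the code has not been used before.

    Both factors are evaluated before answering, and the result is a single
    bool, so the response does not reveal which factor failed.
    """
    pw_ok = verify_password(password, user["salt"], user["pw_hash"])
    step = matching_step(user["totp_key"], code, at)
    if not pw_ok or step is None:
        return False
    if step <= user["last_step"]:
        return False  # replay of a code (or an older one) already consumed
    user["last_step"] = step
    return True
```

Usage: `enroll` a user, show them `totp_key_b32`, then call `login(user, password, code, int(time.time()))`. Rejecting any step at or below `last_step` is what makes a captured code useless even while it is still inside the drift window, which is the replay case a pure "does the code match" check misses.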