In the age of online banking and identity theft, proving who you are -- and preventing other people from using your identity -- is increasingly important. Some authentication methods, such as prompting for a password, are easy to implement. Others, such as checking a person's fingerprints, are much more accurate. Choosing the right authentication method depends on how it is going to be used.
Passwords are the most common type of authentication, but they are also insecure. This method works by simply asking the user for a secret password and granting access if the correct password is provided. Passwords are vulnerable because people often choose weak passwords that are too short or contain dictionary words, making them susceptible to brute-force and dictionary attacks, which try candidate passwords one after another until a match is found. Using special characters and "passphrases" -- which are especially long passwords -- is a more secure method.
Password lists, in which each password is only used a single time, increase security, but the hassle of generating new passwords or securely sending the new passwords to both the user and server makes this method impractical in many situations.
The challenge-response method uses passwords, but the password itself is never sent. Instead, an authentication centre sends a random number to the user. The user responds by combining the password with the random number and running the result through a hash function to create the equivalent of a digital fingerprint. The authentication centre, which knows the password, the random number and the hash function, produces the same fingerprint and compares the two. If they match, the user is authenticated. This system is secure because a hash function cannot be run in reverse: even if an attacker knows the random number, the hash function and the fingerprint that was sent, that is not enough to calculate the password.
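The exchange described above, written out with both sides' messages, as an added example that is not part of the original article. It combines the password and the random number with HMAC-SHA256, a keyed hash, and uses a fresh random number for every login so that a recorded fingerprint cannot simply be sent again later. The user name, password and `AuthCentre` class are constructed for the example; in this scheme the centre has to know the shared password, which is why the strength of that password still matters even though it never crosses the network.

```python
import hashlib
import hmac
import secrets

# Constructed credential store: the authentication centre knows each user's password.
USERS = {"alice": b"correct horse battery staple"}


def compute_response(password: bytes, nonce: bytes) -> str:
    """Client side: combine the password with the challenge using a keyed hash.

    The password is the HMAC key and the random number is the message, so the
    result is a fixed-size 'fingerprint' that cannot be reversed to the password.
    """
    return hmac.new(password, nonce, hashlib.sha256).hexdigest()


class AuthCentre:
    """Server side: hands out challenges and checks the fingerprints that come back."""

    def __init__(self, users: dict):
        self.users = users
        self.pending = {}  # username -> outstanding challenge, valid for one attempt only

    def challenge(self, username: str) -> bytes:
        """Step 1: send the user a fresh, unpredictable random number."""
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return nonce

    def verify(self, username: str, response: str) -> bool:
        """Step 3: recompute the fingerprint and compare it with what the user sent."""
        nonce = self.pending.pop(username, None)  # each challenge is consumed once
        password = self.users.get(username)
        if nonce is None or password is None:
            return False
        expected = compute_response(password, nonce)
        # Constant-time comparison so the check itself leaks nothing about the value.
        return hmac.compare_digest(expected, response)


def client_login(centre: AuthCentre, username: str, password: bytes) -> bool:
    """Run the full exchange: challenge -> response -> verdict."""
    nonce = centre.challenge(username)              # step 1, centre -> user
    response = compute_response(password, nonce)    # step 2, user -> centre
    return centre.verify(username, response)        # step 3, centre decides


if __name__ == "__main__":
    centre = AuthCentre(USERS)
    print("correct password:", client_login(centre, "alice", USERS["alice"]))
    print("wrong password:  ", client_login(centre, "alice", b"letmein"))
```

Because `verify` discards the challenge after one use, a fingerprint captured from a successful login is rejected if it is presented a second time; the next login gets a different random number and therefore needs a different fingerprint.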
Public key encryption is based on mathematical operations that are easy to perform but very difficult to undo. Multiplying very large prime numbers is the most common example: multiplying them is easy, but if a second person were given only the product, it would be nearly impossible to determine which two primes had been multiplied together. These one-way functions create a public key and a private key. Anyone can use the public key to encrypt information, which can only be decrypted with the private key. In the public key authentication protocol, user A encrypts a random number with user B's public key. User B decrypts the number, encrypts it with user A's public key and sends it back. User A decrypts the reply with his own private key and checks that the original random number has come back. It is user B's ability to decrypt the original message that proves his identity.
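The protocol above, carried through with a toy RSA key pair for each user, as an added example that is not part of the original article. The key sizes (products of four- and five-digit primes) are chosen so that the factoring step can be run and counted on the spot; real keys use primes hundreds of digits long and a padding scheme, and these toy keys exist only to show the mechanics. The primes, the `keygen`/`encrypt`/`decrypt` helpers and the three protocol steps are all constructed for the example.

```python
from math import gcd, isqrt
import secrets

PUBLIC_EXPONENT = 65537


def keygen(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Multiply two primes (easy) to get the modulus; derive the private exponent.

    Returns (public_key, private_key) as (n, e) and (n, d).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """The hard direction: recover p and q from n. Returns (p, q, divisions_tried).

    The work grows with the square root of n, which is why real moduli are huge.
    """
    tried = 0
    for cand in range(2, isqrt(n) + 1):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    return None


# --- The authentication protocol, one function per message ---------------------

def make_challenge(pub_b, r: int) -> int:
    """A -> B: a random number r, encrypted with B's public key."""
    return encrypt(pub_b, r)


def respond(priv_b, pub_a, c: int) -> int:
    """B -> A: decrypt the challenge (only B can) and re-encrypt it for A."""
    r = decrypt(priv_b, c)
    return encrypt(pub_a, r)


def check(priv_a, reply: int, r: int) -> bool:
    """A: decrypt the reply and confirm the original random number came back."""
    return decrypt(priv_a, reply) == r


def authenticate(priv_a, pub_a, pub_b, responder) -> bool:
    """Run the full exchange against any responder that accepts the challenge."""
    n_a, n_b = pub_a[0], pub_b[0]
    r = secrets.randbelow(min(n_a, n_b) - 2) + 2   # must fit under both moduli
    c = make_challenge(pub_b, r)
    return check(priv_a, responder(c), r)


def impostor_respond(pub_a, c: int) -> int:
    """Someone without B's private key cannot decrypt c and can only guess."""
    return encrypt(pub_a, 4)   # an arbitrary guess; will not match r


if __name__ == "__main__":
    pub_a, priv_a = keygen(10007, 10009)
    pub_b, priv_b = keygen(1009, 1013)
    genuine = lambda c: respond(priv_b, pub_a, c)
    fake = lambda c: impostor_respond(pub_a, c)
    print("genuine B accepted:", authenticate(priv_a, pub_a, pub_b, genuine))
    print("impostor accepted: ", authenticate(priv_a, pub_a, pub_b, fake))
    print("factoring A's modulus:", factor_by_trial_division(pub_a[0]))
```

Multiplying 10007 by 10009 is a single operation, while `factor_by_trial_division` needs about ten thousand divisions to undo it for this toy modulus; for a 2048-bit modulus the same approach would need more divisions than can ever be performed, which is the asymmetry the text describes.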
Biometrics, the direct measurement of a physical or behavioural characteristic, can also be used for authentication. Fingerprinting, DNA tests and retinal scans are among the most familiar biometric methods, while written signatures -- one of the oldest authentication methods -- can be considered a biometric method as well. Less common are systems that recognise a person's voice, walking gait or typing cadence, all of which are also used as biometric authentication methods.