Authentication is the process of verifying the identity of a user, system, or entity. It answers the question “who are you?” before granting access to resources. Authentication factors fall into three categories: something you know (passwords, PINs), something you have (tokens, smart cards), and something you are (biometrics).
Strong authentication combines multiple factors. A password alone can be stolen, but when a password is paired with a hardware token, an attacker must compromise both factors. Modern systems increasingly use passwordless authentication that relies on cryptographic keys and biometrics.
CISSP Relevance
Domain 5 (Identity and Access Management) covers authentication methods, protocols, and implementation. Questions test understanding of authentication factor types, when to require multi-factor authentication, and how authentication integrates with authorization. Know protocols like SAML, OAuth, and OpenID Connect.
NIST guidelines on authentication are detailed in SP 800-63B Digital Identity Guidelines.
Related terms: Multi-Factor Authentication, Authorization