Vol. 1 · Ed. 2026
CyberGlossary
Entry № 091

Authentication

Reviewed by Cybersecurity entrepreneur & security researcher

What is Authentication?

Authentication: The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.


Authentication establishes the identity of a principal by validating one or more factors: something you know (password, PIN), something you have (security key, smartphone), or something you are (biometrics). Modern systems often combine factors (MFA), pair them with device posture signals, and rely on standards such as SAML, OAuth 2.0 and OpenID Connect to delegate the check to a trusted identity provider. Strong authentication is a prerequisite for any meaningful authorization decision and a top priority for stopping phishing, credential stuffing and account takeover. Weak or reused passwords without phishing-resistant factors remain the leading cause of initial access in breaches.

Examples

  1. Logging into a corporate VPN with a password plus a FIDO2 security key.

  2. An API gateway validating a signed JWT issued by the identity provider.

Frequently asked questions

What is Authentication?

The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access. It belongs to the Identity & Access category of cybersecurity.

What does Authentication mean?

The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.

How do you defend against Authentication?

Defences for Authentication typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Authentication?

Common alternative names include: AuthN, Identity verification.
