CyberGlossary

Authentication

Also known as: AuthN, Identity verification

Definition

The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.

Authentication establishes the identity of a principal by validating one or more factors: something you know (password, PIN), something you have (security key, smartphone), or something you are (biometrics). Modern systems often combine factors (multi-factor authentication, MFA), pair them with device posture signals, and rely on standards such as SAML, OAuth 2.0 and OpenID Connect to delegate the check to a trusted identity provider. Strong authentication is a prerequisite for any meaningful authorization decision and a top priority for stopping phishing, credential stuffing and account takeover. Weak or reused passwords without phishing-resistant factors remain the leading cause of initial access in breaches.

Examples

  • Logging into a corporate VPN with a password plus a FIDO2 security key.
  • An API gateway validating a signed JWT issued by the identity provider.

Related terms