Authentication verifies the identity of a user, while session management maintains that verified identity across multiple requests. Weaknesses in either area can allow attackers to impersonate legitimate users, access unauthorised data, or take over accounts entirely.
Authentication answers the question: "Who are you?"
There are three factors of authentication:
| Factor | Type | Examples |
|---|---|---|
| Something you know | Knowledge | Password, PIN, security question |
| Something you have | Possession | Mobile phone (SMS/TOTP), hardware token, smart card |
| Something you are | Inherence | Fingerprint, face recognition, iris scan |
Multi-factor authentication (MFA) requires two or more factors from different categories. Using a password and a security question is not MFA because both are knowledge factors.