This lesson covers authentication as a network security prevention method, as required by OCR J277 Section 1.4. Authentication is the process of verifying that a user or device is who they claim to be.
Authentication is the process of confirming the identity of a user before granting access to a system, network, or resource. It answers the question: "Are you really who you say you are?"
Authentication is different from authorisation:
A user must be authenticated before they can be authorised.
Authentication methods are based on three factors:
| Factor | Description | Example |
|---|---|---|
| Something you know | Information only the user should know | Password, PIN, security question |
| Something you have | A physical item the user possesses | Smart card, phone (for SMS codes), security token |
| Something you are | A biological characteristic unique to the user | Fingerprint, facial recognition, iris scan |
OCR Exam Tip: The three authentication factors are a common exam question. Remember them as: know, have, are. Two-factor authentication uses at least two of these three categories.
Passwords are the most common form of authentication. The user enters a secret string of characters that must match what is stored (in hashed form) on the system.
| Feature | Weak Password | Strong Password |
|---|---|---|
| Length | 4-6 characters | 12+ characters |
| Character types | Lowercase only | Mix of upper, lower, numbers, symbols |
| Predictability | Common words (password123) | Random or complex phrases |
| Reuse | Same password on multiple sites | Unique password for each account |
Biometric authentication uses unique physical or behavioural characteristics to verify identity.