Monday 3 June 2013

AUTHENTICATION

Before delving into the actual domain of authentication, let's take a moment to understand the difference between identification and authentication. When you show your ID card to the college security guards, you identify yourself to them as a legitimate student of that college. When you insert your ATM card into the ATM's card slot, you identify yourself to your bank as its legal customer. But anyone can claim to be this bank's customer by stealing someone's ATM card. In such a situation, how does the bank confirm its legal user? It does so with the help of the PIN. If the PIN you enter is correct, then you are positively confirmed. In other words, you are authenticated. Now how do we implement this authentication? It can be done in the following 5 ways.
1) Something you know
2) Something you have
3) Something you are
4) Something you do
5) Where you are

Let's explore them in detail.

1) Something you know
     This is based on the fact that you know the important credentials for logging into the system, such as passwords, PINs, unlock patterns, etc. When you enter these correctly, you are given access to the system; otherwise, some kind of error is displayed.

2) Something you have
     This is based on the fact that you possess some kind of physical entity which helps you in your authentication process. Examples are ATM cards and the ID cards used in companies to enter rooms.

3) Something you are
     This type of authentication is based on your physical traits. Your eyes, your palm, your fingerprints, etc. are used for authenticating you. Retina scans, facial recognition, fingerprint scans, etc. are some commonly used authentication techniques.

4) Something you do
     In simple words, in this pattern, if you wave your left hand up and down 3 times, you will get authenticated. If you revolve your head clockwise twice, you will get authenticated. In short, the actions you perform become your password. This can also include your style of handwriting, the speed with which you type keystrokes, etc.

5) Where you are
     This involves using your geographical location as the password. This can be useful in the case of ATM card transactions done physically at banks, where this type of authentication can be used as an additional authentication step, thus making the system more secure.

Multifactor Authentication
Simply put, more than one of the authentication types seen above is used for authenticating the user.
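
The ATM case from the introduction, written out as multifactor authentication. This is an added example, not code from the original post: the card number identifies, a keyed response from the card proves "something you have", and the PIN proves "something you know". The account data, the `BANK_DB` layout and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    # What the card chip computes: proof that it holds the key.
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

# Constructed sample account (all values are made up for this example).
CARD_NUMBER = "4000-0000-0000-0001"
CARD_KEY = secrets.token_bytes(32)      # lives inside the physical card
_SALT = secrets.token_bytes(16)
BANK_DB = {
    CARD_NUMBER: {"card_key": CARD_KEY, "salt": _SALT,
                  "pin_hash": pin_hash("4921", _SALT)},
}

def new_challenge() -> bytes:
    # The bank issues a fresh random challenge for every attempt.
    return secrets.token_bytes(16)

def authenticate(card_number: str, challenge: bytes,
                 response: bytes, pin: str) -> bool:
    record = BANK_DB.get(card_number)   # identification: who do you claim to be?
    if record is None:
        return False
    # Factor 1, something you have: the card answered the challenge correctly.
    expected = card_response(record["card_key"], challenge)
    has_card = hmac.compare_digest(expected, response)
    # Factor 2, something you know: the PIN matches the stored hash.
    knows_pin = hmac.compare_digest(pin_hash(pin, record["salt"]),
                                    record["pin_hash"])
    return has_card and knows_pin       # both factors are required

if __name__ == "__main__":
    c = new_challenge()
    genuine = card_response(CARD_KEY, c)
    print("card + PIN:       ", authenticate(CARD_NUMBER, c, genuine, "4921"))
    print("stolen card only: ", authenticate(CARD_NUMBER, c, genuine, "0000"))
    print("PIN only, no card:", authenticate(CARD_NUMBER, c, bytes(32), "4921"))
```

A stolen card without the PIN fails, and a known PIN without the card fails; only the combination of two different factor types succeeds.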

Mutual Authentication
In the majority of cases, we have seen one entity authenticating the other. This is unidirectional authentication. In mutual authentication, both entities authenticate each other. Mutual authentication can be seen in client-server communication systems. When we are trying to log in to an account on a website, the browser (client) authenticates the server by checking its certificate, whereas the server authenticates the client by checking its certificate and authenticates the user by verifying their credentials.