Authentication (information security)

In information security, the processes of identification, authentication and credentialing are closely linked. Authentication is the set of technologies and procedures used to confirm one's identification to a secure information system. You can think of it as a safeguard against identity theft.

One of the basic ways to think about authentication is that it confirms your purported identity with:
 * Something you know (e.g., a password or PIN)
 * Something you have (e.g., a key (lock), security token or credit card)
 * Something you are (e.g., a biometric attribute, or perhaps a confirmed location)

These are all factors in authentication, along with your claimed identity. Two-factor authentication, at its most basic, is the combination of user ID and password.

Because passwords, like user IDs, can be stolen, more secure alternatives are desired for two-factor identification. Some of the oldest techniques include one-time passwords and the use of security tokens.

Security token
A security token is a hardware and software device that generates a changing authenticator to be sent in response to a challenge after the user ID is entered. There are two basic types, both usually of credit card size. One displays a changing number, generated by a cryptographic hash of two inputs: a unique number stored in the physical authenticator, and a time code synchronized between the token and an authentication server.

The other, somewhat more complex, has a keypad on which the user manually enters a challenge number sent by the authentication server. It may also be necessary to enable the security token by entering a personal identifier. These factors, together with a time code and a token identifier, form the hash to be sent back.
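
The two token types described above, together with the server-side check, as an added example that is not taken from any vendor's implementation. The article says only "cryptographic hash"; HMAC-SHA-256 truncated to six digits, the 60-second interval, the one-interval drift allowance and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds covered by one time code (assumed interval)

def _time_code(now: float, offset: int = 0) -> bytes:
    """Time code shared by token and server: the index of the current interval."""
    return struct.pack(">Q", max(int(now) // STEP + offset, 0))

def _authenticator(seed: bytes, material: bytes, digits: int = 6) -> str:
    """Keyed hash of the material, truncated to a short number a person can type."""
    mac = hmac.new(seed, material, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)

def display_code(seed: bytes, now: float, offset: int = 0) -> str:
    """First token type: hash of the token's unique number and the time code."""
    return _authenticator(seed, _time_code(now, offset))

def challenge_response(seed, token_id, pin, challenge, now, offset=0) -> str:
    """Second type: PIN, keyed-in challenge, time code and token ID form the hash."""
    fields = [token_id.encode(), pin.encode(), challenge.encode()]
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    material = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return _authenticator(seed, material + _time_code(now, offset))

def _matches(submitted: str, candidates) -> bool:
    """Compare against every candidate in constant time, without early exit."""
    ok = False
    for expected in candidates:
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def verify_display(seed, submitted, now, drift=1) -> bool:
    """Server side: accept the current interval plus/minus `drift` for clock skew."""
    return _matches(submitted, (display_code(seed, now, k) for k in range(-drift, drift + 1)))

def verify_challenge(seed, token_id, pin, challenge, submitted, now, drift=1) -> bool:
    """Server recomputes the response from its own copy of seed, PIN and challenge."""
    return _matches(submitted, (challenge_response(seed, token_id, pin, challenge, now, k)
                                for k in range(-drift, drift + 1)))

# Constructed sample values, not taken from any real device.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
NOW = 1_700_000_000
```

The drift window is what lets a token whose clock is slightly off still authenticate; widening it also lengthens the time a stolen code stays usable.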