Identification vs. Authentication
In the previous slides, we spoke about physical security and physical access control. Using this knowledge, we are now able to approach the general topic of Access Control, but, first, we need to define two more concepts.
The first, Identification, is the process of describing one's identity in a unique way. That is, by presenting a unique trait such as username, EMPLID, other sort of unique ID, etc., that won't confuse one with any other person/program/website.
- Note that this unique trait is publically known: it's not a secret piece of information.
The second, Authentication, is the process of proving that a user or application is indeed who they claims to be. That is, authentication is the verification of one's identity.
- If authentication is not strong enough, the system is not secure, because other people or programs will access one's account by impersonating (= pretending to be) that user.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.