In Identity Management, the letters AAA stand for Authentication, Authorisation and Accounting.
- Authentication proves the identity of the person, software application, or technology asset accessing a resource.
- Authorisation defines the permissions that person, application, or asset holds to access a particular resource.
- Accounting keeps track of the who, what, when, where, etc., that is, the audit trail.
As an essential member of the AAA family, Authentication verifies the identity of a system, device, or individual. A typical example of Authentication is entering a username and password while logging into a workstation. Assuming the password is kept secret, by successfully authenticating with a username and password, a user is letting the workstation know who they are and that it is they who are accessing the system.
Some of the standard authentication types:
- One-factor Authentication – The most common and least secure authentication type, which uses a single credential, as shown below.
- Two-factor Authentication – Using two different credentials, 2FA is more secure than 1FA, as shown below.
- Three-factor Authentication – An emerging secure way of authenticating that uses three different credentials, as shown below.
As seen from the figures above, authentication factors can be categorised as follows:
- Something you know (password, passphrase, PIN)
- Something you have (token, one-time PIN)
- Something you are (fingerprint, retinal scan)
- Somewhere you are (geographic location, VLAN, office building)
- Something you do (behaviour, keystrokes, mouse movement)
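
The three A's working together, with a two-factor login that combines something you know (a password) with something you have (a device producing RFC 6238 one-time codes). This is an added example, not code from the original page; the user `alice`, the permission strings, the salt and the in-memory `USERS` and `AUDIT_LOG` stores are constructed assumptions, and the TOTP key is the published RFC 4226 test secret.

```python
import hashlib, hmac, struct

# Constructed sample data (assumptions for this example, not from the page).
SALT = b"example-salt"

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": {"pw": _pw_hash("correct horse"),
                   "totp_key": b"12345678901234567890",  # RFC 4226 test secret
                   "permissions": {"read:reports"}}}
AUDIT_LOG = []  # accounting: who, what, when, outcome

def totp(key, now, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1) for the time window containing `now`."""
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def authenticate(user, password, code, now):
    """Authentication: both factors must pass (know AND have)."""
    rec = USERS.get(user)
    if rec is None:
        return False
    knows = hmac.compare_digest(rec["pw"], _pw_hash(password))
    has = hmac.compare_digest(totp(rec["totp_key"], now).encode(), code.encode())
    return knows and has

def authorise(user, permission):
    """Authorisation: does the authenticated identity hold this permission?"""
    return permission in USERS[user]["permissions"]

def access(user, password, code, permission, now):
    """Authenticate, then authorise, and record every outcome in the audit trail."""
    if not authenticate(user, password, code, now):
        outcome = "auth_failed"
    elif not authorise(user, permission):
        outcome = "denied"
    else:
        outcome = "granted"
    AUDIT_LOG.append({"who": user, "what": permission, "when": now, "outcome": outcome})
    return outcome
```

Failed and denied attempts are logged as well as successful ones, since the audit trail is only useful if it records every access decision.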