09 Mar 2008 03:49:55 | Reggie Andersen, M.H.
Authentication Methods
Before authentication methods can be discussed, authentication
should be defined: it is the process of deciding whether someone
or something is who or what it is declared to be.
In both private situations and in public Internet usage,
authentication is commonly done through the use of logon
passwords. Knowledge of the password is assumed to guarantee
that the user is authentic. The
Achilles' heel in this system is that transaction passwords can
often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions
require a sturdier authentication approach. The use of digital
certificates issued and verified by a Certificate Authority (CA)
as part of a public key infrastructure may become the norm in
processing authentication on the Internet.
There are three methods by which a human can authenticate
themselves:
1. Something about the user is recognized as unique
2. Something the user possesses is unique
3. Something the user knows (a password or PIN) is unique
A combination of methods is also used, e.g., a bank card and a
PIN, in which case the term "two-factor authentication" can be
used.
In the law enforcement world, fingerprints have been used as the
most authoritative method of authentication, but recent court
cases have doubted their reliability (as have retinal and
fingerprint scans).
In the computer environment, cryptographic methods have been
developed which are currently very reliable if the user's key
has not been compromised.
There are two ways of restricting access to online documents:
either by the browser hostname, or by asking for a username and
password. Using the browser hostname can restrict the use of
documents within a company or group of individuals. However if
the people who are allowed to access the documents are in
different locations, or the server administrator needs to be
able to control access on an individual basis, it is possible to
require a username and password before being allowed access to a
document. This is called user authentication.
Configuring user authentication requires creating a file
containing the usernames and passwords and then telling the
server what sectors are to be protected and which users are
allowed (after entering a valid password) to access them.
The directives to create the protected area can be placed in an
.htaccess file in the directory concerned, or in a <Directory>
section in the access.conf file.
To allow a directory to be restricted within an .htaccess file,
one must verify that the access.conf file allows user
authentication to be set up in an .htaccess file. This is
controlled by the AuthConfig override. The access.conf file
should include AllowOverride AuthConfig to allow the
authentication directives to be used in an .htaccess file.
To restrict a directory to any user listed in the users file
just created, one can create an .htaccess file containing:
AuthName "restricted stuff"
AuthType Basic
AuthUserFile /usr/local/etc/httpd/users
require valid-user
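As an added example (not part of the original article and not Apache's own code), the Python sketch below audits the .htaccess shown above together with its users file: it shows that a Basic credential is only base64-encoded, checks whether the users file sits under the document root, and classifies each stored hash by the prefix htpasswd writes. The users-file entries, the request header and the document-root paths are constructed for illustration.

```python
import base64
import shlex
from pathlib import PurePosixPath

# Constructed sample input: the article's .htaccess, a made-up users file and request header.
HTACCESS = '''AuthName "restricted stuff"
AuthType Basic
AuthUserFile /usr/local/etc/httpd/users
require valid-user
'''
USERS = "alice:$2y$05$PLACEHOLDER\nbob:{SHA}PLACEHOLDER\ncarol:$apr1$SALT$PLACEHOLDER\n"
SAMPLE_HEADER = "Basic YWxpY2U6czNjcmV0"  # base64 of "alice:s3cret"
SCHEMES = (("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"), ("{SHA}", "unsalted-sha1"))

def parse_directives(text):
    """Map each directive name (lowercased) to its argument list."""
    out = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts:
            out[parts[0].lower()] = parts[1:]
    return out

def hash_scheme(field):
    """Classify a users-file hash by the prefix htpasswd writes."""
    return next((n for p, n in SCHEMES if field.startswith(p)), "crypt-or-plaintext")

def decode_basic(header):
    """Basic credentials are only base64-encoded, so anyone who sees the header can read them."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

def audit(htaccess, users, docroot):
    """Return findings for one protected directory; docroot is the site's document root."""
    d = parse_directives(htaccess)
    findings = []
    if d.get("authtype", [""])[0].lower() == "basic":
        findings.append("AuthType Basic: password crosses the wire base64-encoded, require TLS")
    userfile = PurePosixPath(d.get("authuserfile", [""])[0])
    if PurePosixPath(docroot) in userfile.parents:
        findings.append(f"{userfile} is under the document root and may be downloadable")
    for line in filter(None, users.splitlines()):
        user, _, field = line.partition(":")
        if hash_scheme(field) != "bcrypt":
            findings.append(f"{user}: {hash_scheme(field)} hash, prefer bcrypt (htpasswd -B)")
    return findings
```

Calling `audit(HTACCESS, USERS, "/usr/local/etc/httpd/htdocs")` with that assumed document root reports the Basic-over-TLS finding plus the two non-bcrypt entries; passing `/usr/local/etc/httpd` as the document root adds the users-file location finding.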
These are but a few online authentication methods because,
unfortunately, people still do not trust the World Wide Web for
the safety of their money transactions. Increased trust in the
safety of online processing brings benefits for the business
owner, including greater profitability and improved
business/customer relationships, and benefits for the consumer,
including more convenient bill payment processing and account
access.
About the Author:
Reggie Andersen is a home business office advocate. He
recommends persistence and a healthy work environment including
a strict schedule and good bandwidth.