What is authentication

Authentication is the process of challenging the user to prove who they are so that they can access protected resources in your system.

It usually falls under three categories:

What do you know

This is the most common type of authentication. Typically it involves providing your username and password which is then checked against the data already stored in the application’s data stores.

Despite its popularity, this method is in fact the weakest form of authentication.

We will discuss in a later article what can be done to secure it, but as basic rules, Hash the passwords and ensure the authentication happens over a secure connection.

Something you have

Most employees now a days carry a security tag that can be swept at the doors in their organization. This is a form Something you have authentication.

Github usually a similar scheme but now using ssh keys https://help.github.com/articles/generating-ssh-keys/. Here Github allows gives you access to your repositories by checking your client certificates.

You can read more about this type of authentication here https://www.comodo.com/resources/small-business/digital-certificates2.php

This is a significantly more secure method compared to What you know method.

Something you are

This is the realm of biometrics. It includes fingerprint scanners, facial recognition and even typing patterns!

This is the strongest form of authentication and is gaining popularity in the modern world, in fact some modern smartphones come equipped with a facial scanner.

You are not restricted to using only one authentication method. Lately Google and other popular web services have been popularizing two factor authentication. This is where they ask you for your username and password combination (What you know) and then send you a sms or notification to your mobile device with a code which you then fill out (What you have).

Hope you are enjoying this series so far! Lets engage in comments below.

Also consider signing up Signup to our newsletter to ensure you don’t miss out on this kind of posts and much more.


Published by


API Engineer