Authentication Design


Authentication is performed when a supplicant or claimant presents credentials to an authentication server.

  • the server compares what was presented to the copy of the credentials it has stored

Authentication design refers to selecting a technology that meets requirements for confidentiality, integrity, and availability:

  • Confidentiality
    • is critical, because if account credentials are leaked, threat actors can impersonate the account holder and act on the system with whatever rights the account holder has
  • Integrity
    • means that the authentication mechanism is reliable and not easy for threat actors to bypass or trick with counterfeit credentials
  • Availability
    • means that the time taken to authenticate does not impede workflows and that the mechanism is easy enough for users to operate
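
The comparison step and the three requirements above, shown as an added example that is not part of the original notes. It assumes the credential is a password and that the server's stored "copy" is a salted PBKDF2 hash rather than the plaintext; the names `enroll`, `authenticate` and `CREDENTIAL_STORE` and the iteration count are hypothetical choices for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor: a higher count slows offline guessing if the store
# leaks (confidentiality) but lengthens every login (availability).
ITERATIONS = 600_000

# username -> (salt, derived_key); the plaintext password is never stored.
CREDENTIAL_STORE = {}


def derive(password: str, salt: bytes) -> bytes:
    """Turn a presented password into the form the server stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed dummy record: unknown usernames still trigger a full derivation,
# so response time does not reveal which accounts exist.
DUMMY_SALT = os.urandom(16)
DUMMY_KEY = derive("constructed-dummy-value", DUMMY_SALT)


def enroll(username: str, password: str) -> None:
    """Store a per-user random salt and the derived key for later comparison."""
    salt = os.urandom(16)
    CREDENTIAL_STORE[username] = (salt, derive(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Compare what the claimant presented with the server's stored copy."""
    known = username in CREDENTIAL_STORE
    salt, expected = CREDENTIAL_STORE.get(username, (DUMMY_SALT, DUMMY_KEY))
    presented = derive(password, salt)
    # Constant-time comparison: the result does not depend on how many
    # leading bytes match, so timing cannot be used to guess the key (integrity).
    match = hmac.compare_digest(presented, expected)
    # An unknown user is rejected even if the dummy value was presented.
    return known and match


if __name__ == "__main__":
    enroll("alice", "correct horse battery staple")  # constructed sample account
    print(authenticate("alice", "correct horse battery staple"))
    print(authenticate("alice", "wrong password"))
    print(authenticate("mallory", "anything"))
```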

The different types of credentials that can be used are called factors.