CAB240 Lecture Notes - Lecture 4: Access Control, Authenticator, Feature Extraction

What is user authentication: process used to decide whether the identity a user claims is genuine (authentic) or not. Important if decisions are based on user identity. Systems to authenticate users need to: consider user id and provided authenticator, decide whether user is authentic or not. Knowledge based - something you know: characterised by secrecy or obscurity, commonly used are passwords (user selected, reusable), pins, and security questions, advantages to this are: readily accepted by users, and low cost implementation. Reusable passwords: most commonly used authenticator, user provides username and password. System stores value and uses it to compare: requirements, user must store password securely. Store password securely: use a strong password, don"t share password w/ other entities, don"t use same password for multiple systems. Selection strategies: user selected, or, computer generated. System requirements: need to store passwords securely, no non-repudiation if password is known to system (or others outside the system)