Authentication (AQA GCSE Computer Science): Revision Notes
Authentication
What is authentication?
Authentication is the process of proving to a computer system that you are who you claim to be. Think of it like showing your ID card to get into a building: just as a secure building checks your identification before letting you in, a computer system needs to verify your identity before it grants access to sensitive information or features.
Many computer systems allow anyone to browse without giving personal details (like shopping websites), but if you want to do more than just look around, you'll need to prove your identity first. Some systems require authentication before you can use them at all.
Methods of authentication
There are three main ways computer systems can check your identity:
Usernames and passwords
This is probably the most familiar method to you. Here's how it works:
- You choose a username (like your email address) and a secret password
- When you want to log in, you type both pieces of information
- The computer checks that the username exists and that the password matches what's stored for that user
- If both match a known user account, you're authenticated and can access the system
Worked Example: Username and Password Authentication Process
Here's a simple example of how this might work in code:
username ← 'admin'
pwhash ← '5fa345bcd3c1'
OUTPUT 'enter a username'
un ← USERINPUT
OUTPUT 'enter password'
pw ← USERINPUT
IF un = username AND hash(pw) = pwhash THEN
loggedin ← True
ELSE
loggedin ← False
ENDIF
Notice how the password isn't stored directly - instead, a hash value is stored for security.
The biggest weakness of password authentication is that passwords can be forgotten, stolen, or guessed. That's why many systems now use additional security measures.
Electronic keys, devices or accounts
This method uses something physical that only you should have access to:
- It could be a smart card, USB key, or mobile phone
- The system might send you a text message with a secret code
- Or it might send an email that you need to respond to
- Only the person with access to that specific device or account can complete the authentication
This method is based on the principle of "something you have" - even if someone knows your personal information, they can't authenticate without physical access to your device.
Biometrics
Biometrics uses measurements of your unique physical characteristics:
- Fingerprint scanners - many schools use these for lunch payments
- Voice recognition - some phone systems use your voice to identify you
- Facial recognition - increasingly used in smartphones
- Eye scans - used in high-security buildings
Banks are starting to use voice recognition when you call their telephone services, making it harder for fraudsters to impersonate you.
Biometric authentication is based on "something you are". These characteristics are hard to fake, but not impossible: fingerprints can be lifted from surfaces and some face scanners have been fooled with photographs. There is also a catch that passwords don't have - if a copy of your fingerprint data leaks, you can't change your fingerprint the way you would change a password. That's why high-security systems usually pair biometrics with another method rather than relying on them alone.
Two-factor authentication
Two-factor authentication makes your accounts much more secure by combining two different types of method from the list above, for example something you know (a password) plus something you have (your phone). Two things of the same type don't count: a password plus a security question is still just two things you know, and a single phishing email could hand an attacker both.
Two-factor authentication significantly reduces the risk of unauthorised access because an attacker would need to compromise two different security factors, not just one.
Worked Example: Two-Factor Authentication Process
Here's how a typical two-factor authentication works:
Step 1: You log in with your username and password (something you know)
Step 2: The system immediately sends a text message to your phone with a code (something you have)
Step 3: You must enter both the password and the text code correctly to gain access
Result: Much stronger security - even if someone steals your password, they would also need access to your phone to log in.
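The three steps above, as an added example in Python that is not part of the original revision notes. It implements the "something you have" half of the process: the phone and the server share a secret set up at enrolment, the phone turns the current time into a six-digit code (the standard RFC 6238 TOTP scheme that authenticator apps use; a code sent by text message is checked in a similar way, except the server generates it instead of the phone calculating it), and the server checks the typed code, allowing for a phone clock that is slightly out and refusing a code that has already been used. The secret is the RFC's published test value, so the codes can be checked against its table; the usernames and timestamps are constructed for the example, and the password check from Step 1 is assumed to have already passed (see the pseudocode earlier on this page).

```python
import base64
import hashlib
import hmac
import struct

# The secret the phone and the server share. This is the RFC 6238 test-vector
# secret (the text "12345678901234567890" written in base32); a real account
# gets a fresh random secret at enrolment, usually delivered as a QR code.
# It is public and used here only so the output can be checked against the
# table published in the RFC.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30          # each code is valid for one 30-second window


def totp_code(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1), the scheme most phone
    authenticator apps use. The phone runs this to display the code and the
    server runs the very same function to check what the user typed."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = unix_time // STEP_SECONDS              # which 30-second window we are in
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)   # keep leading zeros, e.g. "050471"


class SecondFactorCheck:
    """Server side of Steps 2 and 3: called only after the password check passed."""

    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user   # username -> secret stored at enrolment
        self._used = set()                # (username, window) pairs already accepted

    def verify(self, username: str, typed_code: str, now: int, drift_windows: int = 1) -> bool:
        secret = self._secrets.get(username)
        if secret is None:
            return False
        # Accept the current window and one either side, so a phone clock a few
        # seconds out still works. Anything older is rejected.
        for delta in range(-drift_windows, drift_windows + 1):
            t = now + delta * STEP_SECONDS
            expected = totp_code(secret, t)
            if hmac.compare_digest(expected.encode(), typed_code.encode()):
                window = (username, t // STEP_SECONDS)
                if window in self._used:
                    return False          # same code sent twice: a replay, not the user
                self._used.add(window)
                return True
        return False


def demo() -> dict:
    """Constructed walk-through of Steps 2 and 3 at an RFC 6238 sample time."""
    server = SecondFactorCheck({"alice": TEST_SECRET_B32})
    now = 1111111111                                             # timestamp from the RFC table
    shown_on_phone = totp_code(TEST_SECRET_B32, now)             # "050471"
    from_previous_window = totp_code(TEST_SECRET_B32, now - 30)  # "081804"
    old_code = totp_code(TEST_SECRET_B32, 59)                    # "287082", long expired
    return {
        "fresh_code_accepted": server.verify("alice", shown_on_phone, now),
        "same_code_again_rejected": not server.verify("alice", shown_on_phone, now),
        "slightly_late_code_accepted": server.verify("alice", from_previous_window, now),
        "expired_code_rejected": not server.verify("alice", old_code, now),
        "unknown_user_rejected": not server.verify("bob", shown_on_phone, now),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

The replay check matters: without it, an attacker who shoulder-surfs or phishes one code has up to 90 seconds to use it after you do. Real servers store the last accepted window per user rather than an ever-growing set.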
Password security and hashing
Critical Security Concept: Passwords should never be stored as plain text in computer systems. If a hacker gained access to the database, they would immediately know everyone's passwords!
Instead, systems use a mathematical process called hashing:
- When you create a password, a hash function converts it into a fixed-length string of seemingly random characters (the hash)
- This is a one-way process - you can't work backwards from the hash to find the original password
- When you log in, your entered password gets hashed and compared to the stored hash
- If the hashes match, you're authenticated, but your actual password was never stored
Think of hashing like a fingerprint for your password - it produces a value that can verify the password without the password itself ever being stored. (Two different passwords giving the same hash is possible in theory, but with a good hash function it is so unlikely that it never matters in practice.)
This means that even if criminals steal the database, they can't simply read your password out of it. What they can do is guess: hash a list of common passwords and see which stored hashes match. Two things limit this. Systems add a random "salt" to each password before hashing it, so two users with the same password get different hashes and every guess has to be repeated for every user, and they use deliberately slow hash functions designed for passwords, so each guess takes longer. The rest is up to you: a password that appears on a list of common passwords will be found quickly no matter how it is hashed, so choose a long one.
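An added Python example, not part of the original notes, showing the whole hashing process described above in working code: registering a user stores only a salted hash, logging in re-hashes what was typed and compares it, and a small "attacker" routine shows what a stolen hash does and doesn't give away. It uses the PBKDF2 function from Python's standard library (a deliberately slow password hash); the usernames, passwords and wordlist are constructed for the example and the iteration count is an assumed value, kept low so the example runs quickly.

```python
import hashlib
import hmac
import os

# Work factor: how many times PBKDF2 repeats the hash. Slowing each guess down
# is the point, so real systems use a considerably higher number and raise it
# as hardware gets faster. Assumed value for this example only.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = None) -> str:
    """Turn a password into the string that gets stored instead of it.
    Format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the typed password with the stored salt and compare to the stored hash."""
    algorithm, iterations, salt_hex, hash_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison, so a wrong guess can't be told apart by how long it takes
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


# Hash checked when the username doesn't exist, so a login attempt for an unknown
# user takes as long as one for a real user (timing can't reveal which usernames exist).
_DUMMY_STORED = hash_password("placeholder, never matched")


def register(users: dict, username: str, password: str) -> None:
    users[username] = hash_password(password)    # the password itself is never kept


def login(users: dict, username: str, password: str) -> bool:
    stored = users.get(username, _DUMMY_STORED)
    return verify_password(password, stored) and username in users


def guess_from_wordlist(stored: str, wordlist: list) -> str:
    """What an attacker does with a stolen hash: hash each guess and compare.
    Hashing protects strong passwords, not ones that appear on a short list."""
    for guess in wordlist:
        if verify_password(guess, stored):
            return guess
    return ""


def demo() -> dict:
    """Constructed users and a constructed 'common passwords' list."""
    users = {}
    register(users, "alice", "password123")
    register(users, "bob", "password123")          # same password as alice
    register(users, "carol", "plum-tractor-wide-echo-9")
    common = ["123456", "qwerty", "password", "password123", "letmein"]
    return {
        "correct_password_logs_in": login(users, "alice", "password123"),
        "wrong_password_rejected": not login(users, "alice", "Password123"),
        "unknown_user_rejected": not login(users, "dave", "password123"),
        "password_not_in_database": "password123" not in users["alice"],
        "same_password_different_hashes": users["alice"] != users["bob"],
        "weak_password_guessed": guess_from_wordlist(users["alice"], common) == "password123",
        "strong_password_not_guessed": guess_from_wordlist(users["carol"], common) == "",
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

Because alice and bob have different salts, the attacker who guesses alice's password learns nothing about bob's hash and has to start the wordlist again for him; that per-user cost is what the salt buys.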
Remember!
Key Points to Remember:
- Authentication proves identity - it's like showing your ID to a computer system
- Three main methods exist: what you know (passwords), what you have (devices), and what you are (biometrics)
- Two-factor authentication combines two methods for much better security
- Passwords are hashed, not stored as plain text, to protect users if a database is compromised
- Each method has strengths and weaknesses - that's why two-factor authentication is becoming more common