User Authentication Methods
By Zach Lewis
December 3, 2021
The typical authentication method is a unique username and password. Email addresses are sometimes used in lieu of a username or interchangeably as an authentication credential for a user to any specific site
The method of two-factor authentication (2FA) requires two different authentication aspects from users. These aspects can include:
This is information that the user should innately have access to within their mind. An example includes the answer to a user’s mother’s maiden name. However, this can be faulty since users can forget their security question answers.
Object ownership is the physical embodiment of a password, like how a key can physically open your car. This object could be a smartphone, a flashdrive, or even a specific computer. Yet, there is the caveat that physical items can be lost.
A user would need to be in a specific location to access the site. The downfall here is that if you need to be in another place you will not have access, or if the location radius is too large, then this aspect of authentication ceases to be viable.
Smartphones requiring fingerprint recognition are an example of this as well as retinal scans, facial recognition, or any other biometric data used to access a site. Although this data is specific to an individual user, it is a rather invasive method to authenticate a user.
Similar to location, the time a user accesses a site could be used in a method to authenticate the account. If a site is typically accessed in the early morning, then that pattern would be tracked to provide authentication. Then, if someone else tried to impersonate that user but accessed the site late at night, the imposter’s access would be denied.
Text Message Two-Factor Authentication
A text message (SMS) authentication method is a popular form of two-factor authentication. Depending on the cost of sending and receiving text messages, this is a relatively expensive option. Typically, a user must input a short-lived code called a TOTP (time-based one-time password) input on a login screen to prove their identity. This method also requires the user to either own or have consistent access to a mobile device.
The Multi-Factor Authentication (MFA) method identifies users by a combination of three or more of the authentication aspects mentioned above. 2FA is a type of MFA. However, it is not multi-factor if a user is required to create three or more different passwords. Each aspect of user authentication needs to be a different method. The more authentication methods, the more secure the site and user. Like how having more locks on a door will make a breach less likely.
Single Sign-On (SSO) allows a user to be authenticated once without having to recheck their credentials at every login terminal. Implementing an SSO eliminates the need to remember various passwords. It also enhances security since there is only one door a user can go through to access a site. SSO makes accessing a site easier for the user and developer, but unless other safeguards are implemented, even SSO is vulnerable to attack. Imagine a vault in a bank that only has one entrance to encounter the valuables inside. If the vault has multiple doors in front of this entrance it will be safer, but if there are multiple entrances the vault becomes easier to access and harder to guard.
How humanID User Authentication Works
humanID is an open source technology SSO that is anonymous and an encrypted method of user authentication. Using only a phone number, humanID crafts a unique code, like an invisible skeleton key, which allows users to access a site.
humanID merges the simplicity of an email and password user authentication method without the need for password memorization or the possibility of unauthorized infiltration since no personal information is being stored nor is it transferred to the site to verify the user. humanID deploys two tiers of encryption.
First, a user’s phone number is verified. After that the phone number is turned into a unique hash. Then the phone number is deleted leaving only the hash, or humanID, behind. It saves developers time and money and creates a better user experience.