User Authentication Quiz: Authenticate and Authorize Users

User authentication verifies the identity of a user attempting to gain access to a network or computing resource
It prevents unauthorized users from gaining access and damaging systems, stealing information, or causing other problems
The process consists of three tasks:
- Identification: Users prove who they are
- Authentication: Users prove they are who they say they are
- Authorization: Users prove they're allowed to do what they're trying to do

Knowledge factors: things users must know to log in, including usernames, IDs, passwords, and personal identification numbers (PINs)
Possession factors: things users must have in their possession to log in, including one-time password tokens, key fobs, smartphone apps, and employee ID cards
Inherence factors: characteristics inherent to individuals that confirm their identity, including biometrics, such as retina scans, fingerprint scans, facial recognition, and voice authentication

A centralized authentication server that authenticates users to servers and servers to users
Components:
- Authentication Server (AS): performs initial authentication and ticket for Ticket Granting Service
- Database: verifies access rights of users
- Ticket Granting Server (TGS): issues ticket for Server
Steps:
1. User login and request services on the host
2. Authentication Server verifies user's access right using database and gives ticket-granting-ticket and session key
3. User decrypts ticket using password and sends to Ticket Granting Server
4. Ticket Granting Server decrypts ticket and verifies request, then creates ticket for requesting services from the Server
5. User sends ticket and authenticator to Server
6. Server verifies ticket and authenticators, then generates access to the service

User Authentication: users only have to input their username and password once to gain access to the network
Single Sign-On (SSO): enables users to log in once to access a variety of network resources
Mutual Authentication: ensures both client and server are authenticated
Authorization: provides a system for authorization in addition to authentication
Network Security: offers a central authentication server that can regulate user credentials and access restrictions

A password is a secret word or phrase or code that you need to know to have access to a place or system
Password Management: practices and rules to follow to be a good/strong password and store/manage it for future requirements
Issues:
- Not safe to use the same password for multiple sites
- Difficult to remember multiple passwords
- Password managers can reduce the problem
Methods to manage passwords:
- Strong and long passwords
- Password encryption
- Multi-factor Authentication (MFA)
- Avoid updating passwords frequently

Uses a digital certificate derived from cryptography to identify a user, device, or machine
Can be adopted for all endpoints, including servers, personal computers, e-passports, and IoT devices
Preferable to password-based authentication
Components:
- Digital certificate
- Private key### Certificate-Based Authentication
Certificate-based authentication uses a digital identity certificate to prove private key ownership and verify the user, device, or machine.
It provides additional capability beyond classic username and password combination, which only verifies possession.
A digital certificate contains important details, such as:
- The public key
- The user or device's name
- The name of the Certificate Authority (CA) that issued the certificate
- The date from which the certificate is valid
- The expiry date of the certificate
- The version number of the certificate data
- A serial number
The certificate-based authentication flow involves:
- The client initiating a connection to the server
- The server responding with its public certificate
- The client performing validation to ensure the server's public certificate is trusted
- The server requesting the certificate from the client
- The client signing a nonce with its private key and returning it to the server with its public certificate
- The server verifying the nonce and checking the certificate's validity and revocation status

Biometric authentication verifies a user's identity using their unique biological traits, such as:
- Fingerprints
- Voices
- Retinas
- Facial features
It is more secure than traditional forms of multi-factor authentication.
Types of biometric authentication include:
- Facial recognition
- Fingerprint recognition
- Eye recognition (iris or retina)
- Voice recognition
- Gait recognition
- Vein recognition

Multimodal biometric authentication combines multiple biometric authentication methods to enhance security and prevent spoofing.
It uses various biometrics during identity verification, making it harder for malicious hackers to spoof.

Benefits:
- Increased levels of assurance and identity insurance
- Ease of use
- Fraud detection
Risks:
- Being hackable
- Partial matches
- Fail to recognize a valid user
- Bias
- Fears of sharing biometric data
- Data storage concerns

A KDC is a crucial element in a network encryption system responsible for assigning secret keys to authorized users.
It operates in systems such as Kerberos, providing authentication and secret keys for users and services.
The KDC's primary function is to enhance communication security by preventing unauthorized access to transmitted data.
It verifies the user's identity, creates session keys, and securely transmits these keys to the communicating parties.
The KDC is a trusted third party that authenticates users in a network.