Authentication in Web Applications

Chamika Ravihara
Feb 27, 2021

Modern applications require users to verify their identity. The process of verifying the identity of an individual is called authentication. For example, a user may access a web-based service or application from various platforms. Access to certain actions or pages can be restricted using user levels. Authorization is the process of controlling user access via assigned roles and privileges.

Authentication

Authentication can be described as the process of verifying identity. A unique identifier, such as a username or user ID, is associated with each user. Traditionally, a combination of username and password is used to authenticate a user. This kind of simple authentication is maintained locally, so we call it local authentication. There are also non-local authentication methods in use, such as OpenID, OAuth and SAML, which can be used as authentication providers.

Authentication Mechanisms

There are a few authentication mechanisms:

  • Third-party access(OAuth, API-token)
  • OpenID
  • SAML
  • Token-Based authentication
  • Cookie-Based authentication

Factors of Authentication

  • Knowledge Factors
  • Possession Factors
  • Inherence Factors
  • Location Factors
  • Behavior Factors

Attacks related to these authentication mechanisms

  • Phishing
  • Man in the middle attack
  • Brute force attack
  • Dictionary attack
  • Credential stuffing
  • Keyloggers

How to prevent those attacks?

Use multi-factor authentication. Using a physical token or a personal device such as a mobile phone to authenticate users ensures that passwords are not the sole gate to access.
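As an added example (not code from the original article), the Python below combines local password authentication with a time-based one-time code generated on the user's phone or token, and locks the account after repeated failures so that brute force and credential stuffing attempts run out of tries. The `Authenticator` class, the lockout threshold and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib, hmac, os, struct, time

MAX_FAILURES = 5  # assumed lockout threshold

def hash_password(password, salt):
    # Slow, salted hash so a stolen database resists dictionary attacks.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret, at, step=30, digits=6):
    # RFC 6238: HOTP (RFC 4226) over the number of 30-second steps since the epoch.
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Authenticator:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash, TOTP secret)
        self.failures = {}  # username -> consecutive failed attempts

    def register(self, username, password):
        salt, secret = os.urandom(16), os.urandom(20)
        self.users[username] = (salt, hash_password(password, salt), secret)
        return secret  # provisioned once to the user's phone or token

    def login(self, username, password, code, now=None):
        now = time.time() if now is None else now
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return "locked"  # guessing stops here, even with the right password
        ok = False
        record = self.users.get(username)
        if record:
            salt, stored, secret = record
            pw_ok = hmac.compare_digest(stored, hash_password(password, salt))
            # Accept the current step and one step either side for clock drift.
            code_ok = any(hmac.compare_digest(totp(secret, now + d * 30), code)
                          for d in (-1, 0, 1))
            ok = pw_ok and code_ok  # knowledge factor AND possession factor
        if ok:
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```

A stolen password alone returns `denied` here, because the attacker also needs the current code from the enrolled device.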

Use remote access. Using a smart remote controller or a device access platform like OneLogin means that individual websites are no longer the source of user trust. Instead, OneLogin ensures that the user’s identity is confirmed and then logs them in.

Use biometrics. A malicious actor will find it very difficult to replicate your fingerprint or facial shape. Enabling biometric authentication turns your password into only one of several points of trust that a hacker needs to overcome.
