What Is a User Authentication Policy?

A user authentication policy is a process in which you verify that someone who is attempting to access services and applications is who they claim to be. This can be accomplished through a variety of authentication methods, such as entering a password into your laptop or phone or a PIN into an ATM.

What is the purpose of authentication?

Authentication is used to verify that you are who you say you are. After a user’s identity is confirmed, for instance with a username and password, that identity may be used in an authorization policy to determine the appropriate access privileges. Organizations today must ensure that the right users are given access to the right resources, whether those resources are physical or, increasingly, digital.


What are the different authentication protocols?

Network authentication protocols are used to help securely transfer identity credentials for authentication between the subject (user or device) and the authentication server. There are several different authentication protocols for network access control, including:

  • Kerberos
  • Extensible Authentication Protocol (EAP)
  • IEEE 802.1X
  • Remote Authentication Dial-In User Service (RADIUS)
  • Terminal Access Controller Access-Control System (TACACS)



How do I benefit from a user authentication policy?

A user authentication policy may be used to help ensure that only the intended audience is accessing certain assets in your organization. User authentication policies strive to ensure that the person requesting sensitive information and data is the right person to access that information.

Types of user authentication

Two-factor authentication (2FA)

Two-factor authentication, a subset of multi-factor authentication (MFA), is a two-step authentication process. It combines a username and password, or PIN, with a physical or mobile token for extra security. This combination of authentication factors makes it more difficult for a potential intruder to gain access.
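The following is an added example, not code from the original page, showing the two factors being checked together: a salted password hash ("what you know") and a time-based one-time code from a token ("what you have", computed per RFC 6238 over RFC 4226 HOTP). The user record, the `enroll_user`/`authenticate` helpers and the ±1 step drift window are assumptions for illustration; the TOTP secret used in the demo is the RFC test key, not a real credential.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Constructed example (not the page's code): a password factor verified
# together with a TOTP code, with the used counter recorded to block replay.

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30        # seconds per TOTP time step (RFC 6238 default)
TOTP_DIGITS = 6
DRIFT_STEPS = 1       # accept one step of clock skew either way (assumed policy)


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = TOTP_STEP) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // step)


def enroll_user(username: str, password: str, totp_secret: bytes = None) -> dict:
    """Build a hypothetical user record: salted PBKDF2 password hash plus TOTP seed."""
    salt = secrets.token_bytes(16)
    return {
        "username": username,
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret or secrets.token_bytes(20),
        "last_counter": -1,  # highest TOTP counter already accepted; a code is never reusable
    }


def authenticate(user: dict, password: str, code: str, now: float = None) -> bool:
    """Return True only when both factors verify; the result does not reveal which one failed."""
    now = time.time() if now is None else now

    # Factor 1: knowledge. Constant-time comparison of the derived hash.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(candidate, user["pw_hash"])

    # Factor 2: possession. Always evaluated, even if the password failed.
    counter = int(now) // TOTP_STEP
    matched = None
    for c in range(counter - DRIFT_STEPS, counter + DRIFT_STEPS + 1):
        if c <= user["last_counter"]:
            continue  # already consumed: replaying a captured code fails
        if hmac.compare_digest(hotp(user["totp_secret"], c), code) and matched is None:
            matched = c

    if password_ok and matched is not None:
        user["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test key; at t=59 the expected 6-digit code is 287082.
    demo = enroll_user("alice", "correct horse battery", totp_secret=b"12345678901234567890")
    print("both factors valid:", authenticate(demo, "correct horse battery", "287082", now=59))
    print("same code replayed:", authenticate(demo, "correct horse battery", "287082", now=59))
```

Using the RFC test key makes the expected codes checkable against the published vectors (counter 0 gives 755224, counter 1 gives 287082). The record keeps the last accepted counter so that a code observed once cannot be presented a second time, which is the property that makes the "what you have" factor worth more than a second static password.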


Three-factor authentication (3FA)

Three-factor authentication combines what you know, what you have, and what you are. Similar to two-factor authentication, what you know and what you have typically involve a username and password and a one-time token. However, with 3FA there is an additional factor, what you are, which uses biometrics such as fingerprints to verify a user’s identity.


Four-factor authentication (4FA)

Four-factor authentication is another form of layered security that involves knowledge, possession, inherence, and location. As with 3FA, knowledge, possession, and inherence consist of passwords and PINs, token authentication, and biometrics. For an extra layer of security, 4FA also verifies the location from which the user’s login originates before authenticating the user.