WEBVTT

00:00:01.050 --> 00:00:06.080
The next step in the identification process is authentication.

00:00:06.370 --> 00:00:08.320
A person has said who they are,

00:00:08.510 --> 00:00:11.600
now we have to prove that they truly are that person.

00:00:12.740 --> 00:00:16.100
We could say that authentication is to verify,

00:00:16.720 --> 00:00:20.470
validate, or prove the identity,

00:00:21.110 --> 00:00:25.300
and this could be through things like a proof of possession or a secret

00:00:25.300 --> 00:00:30.250
question like we looked at back with the identification. It's most commonly

00:00:30.250 --> 00:00:32.960
based on three different types of authentication,

00:00:33.170 --> 00:00:37.360
what you know, such as a password, what you have,

00:00:37.570 --> 00:00:38.650
or what you are.

00:00:39.630 --> 00:00:42.110
We can see here that with authentication,

00:00:42.120 --> 00:00:45.450
what you know is based on something like a password,

00:00:45.450 --> 00:00:47.880
passphrase, or a secret question.

00:00:48.470 --> 00:00:51.840
The problem with this is that these are usually static values.

00:00:52.170 --> 00:00:55.870
The password may remain the same for 30 days or more,

00:00:56.060 --> 00:00:59.390
which means that if somebody was able to learn our password,

00:00:59.560 --> 00:01:03.710
they could replay that password and get access to our system.

00:01:05.170 --> 00:01:08.080
So that's why they often say that passwords should

00:01:08.080 --> 00:01:10.440
be changed on a periodic basis.

00:01:11.020 --> 00:01:14.590
They should also be different for different systems so you don't

00:01:14.590 --> 00:01:18.400
end up if a password was compromised on one system that that

00:01:18.400 --> 00:01:21.890
password would also be used on other systems and the person could

00:01:21.890 --> 00:01:23.720
get access to those as well.

00:01:25.450 --> 00:01:28.830
The next form of authentication is based on possession,

00:01:28.940 --> 00:01:31.620
ownership, in other words, what you have,

00:01:31.930 --> 00:01:35.190
such as do you have the right employee ID badge to

00:01:35.190 --> 00:01:36.720
give you access to the building?

00:01:37.320 --> 00:01:41.570
Do you have some type of a token or key fob, smartcard,

00:01:41.800 --> 00:01:47.100
or to get into a country, a passport that validates who you are?

00:01:48.770 --> 00:01:52.980
The third form of authentication is based on what you are.

00:01:53.190 --> 00:01:56.370
This, of course, is commonly known as biometrics,

00:01:56.560 --> 00:02:01.460
and there are two types of biometrics, behavioral and physiological.

00:02:02.230 --> 00:02:06.700
Behavioral biometrics are things like how do you speak, a voice print.

00:02:06.870 --> 00:02:08.500
How do you sign your name?

00:02:08.880 --> 00:02:10.530
Signature dynamics,

00:02:10.539 --> 00:02:15.760
which is more related actually to the acceleration as you move across the page,

00:02:15.760 --> 00:02:17.560
not the signature itself.

00:02:18.120 --> 00:02:19.860
And keystroke dynamics.

00:02:20.080 --> 00:02:22.300
Everybody types a little bit differently.

00:02:22.730 --> 00:02:26.290
They have a different delay rate and transfer rate as they

00:02:26.290 --> 00:02:28.820
hold down a key and move between keys.

00:02:30.690 --> 00:02:34.890
Physiological biometrics we're usually more familiar with,

00:02:35.060 --> 00:02:37.810
things like an iris scan looking at the colored

00:02:37.810 --> 00:02:39.710
portion around the pupil of the eye,

00:02:40.220 --> 00:02:43.060
the retina scan that looks at the pattern of blood

00:02:43.060 --> 00:02:45.010
vessels in the back of the eye,

00:02:45.010 --> 00:02:49.950
a palm print which quite often looks at not only the lines on our hand,

00:02:49.990 --> 00:02:54.840
but also can look at the blood vessels that are underneath the skin,

00:02:54.840 --> 00:02:59.080
that's why we call it a venous scan, or of course,

00:02:59.090 --> 00:03:00.120
a fingerprint.

00:03:00.830 --> 00:03:05.980
We've seen a lot of systems based on things like face ID or facial recognition.

00:03:06.300 --> 00:03:08.960
These are all characteristics of a person.

00:03:10.620 --> 00:03:13.500
Biometrics have a few challenges.

00:03:13.620 --> 00:03:19.400
Users can be concerned about privacy, cleanliness of the device,

00:03:19.400 --> 00:03:24.940
am I going to put my hand on that, the delay it takes to process,

00:03:24.950 --> 00:03:27.100
how long am I going to have to wait until the

00:03:27.100 --> 00:03:29.840
system recognizes me and lets me in,

00:03:30.840 --> 00:03:34.470
as well as the cost to install this equipment and also to

00:03:34.470 --> 00:03:38.380
set up all the registration of each user and the

00:03:38.380 --> 00:03:40.110
maintenance of the system as well.

00:03:41.810 --> 00:03:44.140
Node authentication is a little bit different.

00:03:44.620 --> 00:03:49.480
It's a type of authentication that recognizes a trusted device,

00:03:49.480 --> 00:03:51.440
a trusted computer, for example,

00:03:51.840 --> 00:03:55.560
and this could be based on anything from an IP address,

00:03:55.570 --> 00:03:59.630
a MAC address of the system, or an RFID,

00:03:59.640 --> 00:04:04.070
radio‑frequency identifier tag that's on that device.

00:04:05.510 --> 00:04:06.820
The key points review.

00:04:07.690 --> 00:04:12.020
Authentication is the next step after identification.

00:04:12.250 --> 00:04:16.260
We validate the identity based on those three factors,

00:04:16.260 --> 00:04:19.690
what you know, what you have, and what you are.

00:04:20.149 --> 00:04:21.450
In many cases,

00:04:21.959 --> 00:04:26.620
we'll use a combination of at least two of these together, and that is what we

00:04:26.620 --> 00:04:30.800
call multifactor or sometimes known as strong authentication.
