Authentication (Single and Multifactor)

Authentication (Single and Multifactor)

Authentication (single and multifactor) is a mechanism that an electronic system uses to identify and validate the identity of users with the required degree of confidence that the user is who he or she purports to be. Authentication is accomplished through the use of one or more “factors,” which correspond to things that the user knows (like a password), something that they possess (like a security token), or something they are (like a fingerprint). Authentication should not be confused with authorization, which is the process of granting individuals access to system resources based on their identity. More guidance is available on identity credentials from the National Institute for Standards of Technology publication NIST SP 800-103.
 
Additional information is available in the PTAC publication Identity Authentication Best Practices.