Sunset mobile

Your choice

Enterprise security for every user with support for FIDO, OTP, mobile apps, and everything in between.

Building plane

On-prem and cloud

Authentication for all your applications — both on-prem and in the cloud

Reset your password

For all devices

Support for all devices, operating systems, and security levels you need.

Our authentication solutions

Questions

Secure authentication — the basics


What is user authentication?

User authentication means that a user can prove that they are who they say they are. 

Imagine presenting your ID card when picking up a package at the local post office. You prove that you are the correct package receiver, authenticate yourself, and can pick up the results from your latest shopping spree.

In the digital world, it works the same way. Whether it is logging in to your work computer, your bank, or anything else, you have to provide something that proves you are who you say you are. 

Traditionally, in many cases, this has been done by using passwords. But today, many more options exist for significantly more secure user authentication in any environment.


What is two-factor authentication (2FA)?

Two-factor authentication, 2FA, means that the user presents two things (factors) to prove their identity.

User authentication by passwords alone is not very secure, as passwords are easily lost, forgotten, or stolen.

Combining the use of a password with something else significantly increases security. It can be a one-time code sent by email or text, a fingerprint or retinal scan on a phone (biometric identification), or an authenticator app on your mobile device.

Even if a hacker could get hold of your password, the first factor, they would still be missing the second factor in order to log in.


What is multi-factor authentication (MFA)?

Multi-factor authentication (MFA) and two-factor authentication (2FA) are closely related. Both involve the use of more than one factor for authenticating a user. 2FA uses two factors, often a password and something else, and can be considered a part of MFA. However, the latter can involve several means of authentication instead of just two.

To give a quick example, a user tries to log in with their username and password (something the user knows). If the password is correct, they are asked to authenticate themselves with their authenticator app (something the user has). The authenticator app itself is locked with the fingerprint sensor on their device and can not be used before the correct fingerprint has been presented (something the user is).


What methods of authentication exist?

In multi-factor authentication, there are usually three factors that can be used.

  • Knowledge factor
    Something the user knows, like a password or a PIN code.

  • Possession factor
    Something the user has, like a YubiKey, smart card, authenticator app, or OTP token.

  • Inherence factor
    Something the user is, like biometric factors such as a fingerprint or retinal scan. 

In some cases, location can also be a factor. However, for privacy reasons, this should be used with caution.


What is the difference between authentication and authorization?

Authentication is proving that you are who you say you are. In the physical world, by an ID, passport, company badge, or similar. In the digital world, by one or several authentication factors.

Authorization is what said authentication gives you access to. A company smart card might unlock the front door for you, but only the door to the server room if you are authorized.

The same goes for the digital world, where authorization is closely tied to identity and access management, sometimes called access control. Authenticating yourself may give you access to post articles on the company blog, but not to change elements of the web design itself since you do not have the role of the company web designer.

Proving you are who you say you are is a critical part of organizational security; restricting what you can access within your role description is another essential part of cyber security.


What is the most secure form of authentication?

A secure PKI solution with certificates tied to a physical token, like a smart card or YubiKey, is generally considered one of the most secure forms of authentication available. It is used in high-security environments, often in combination with one or several other forms of identification, like photo ID or biometrics.

At the same time, strong authentication is closely tied to authorization and access rights, also known as identity and access management. Something that can play as much a part of your overall strategy as the authentication itself.

Related content

Atmosphere Confirm Login
Solution

You no longer need passwords for secure authentication. Remove them to get better user experience and get rid of the most common attack vector.

Atmosphere Planning
Solution

Do you require the high security levels that certificate-based authentication offers? We help you implement it in a way that suits your needs.

Mfa Laptop
Solution

Securing your complete workplace with MFA is essential today and we have a solution for all use cases.

Smartcard Computer
Webinar

Learn how you can secure all your devices with the help of YubiKeys, smart cards etc. without the need of investing in expensive infrastructure.

Atmosphere Event
Webinar

Learn how to make your organization even more secure without passwords!