Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet.
Logically, authentication precedes authorization (although they may often seem to be combined).
There are three factors of authentication, the categories a credential can fall into:
What You Have...
Keys, badges, ID, passcards, tokens. These are physical objects and go towards identifying you by what you physically *own*. The obvious problem here is that objects can be taken and are not tied or “signed” to any particular person. This makes it easy to loan your verification for temporary uses like valet parking, but objects can be stolen. Keys can be duplicated, IDs can be faked, and nobody knows what the heck a valid badge looks like anyway.
What You Are...
Your DNA, fingerprints, voice match, cadence of your typing, your walk, talk, act. Your smell, shoeprints, aura, your retinal scan, your vein patterns. Anything that leaves the impression of YOU, but nothing that can come from someone else. The weakness is that a biometric is not a secret: a fingerprint is left on every surface you touch, a voice can be recorded, a face can be photographed, and once a biometric template has been captured it cannot be changed the way a password or token can. Biometrics bind the credential to the person, which is a real advantage over an object, but on their own they are a recognition check, not a secret, and are best used in combination with another factor.
What You Know...
Passwords, passphrases. They exist only in your head until you use them, which is their strength and also their weakness: the moment a password is typed it can be phished, captured by a keylogger, guessed, or recovered from a breached credential database, and once known it is trivially duplicated (as the opening paragraph notes, this is why passwords alone are unsuitable for significant transactions). Other examples include personal facts drawn from memory, such as security-question answers, which are weaker still because they are often discoverable.
Multifactor Authentication
RSA SecurID
FortiAuthenticator
WatchGuard AuthPoint
Thales SafeNet MFA
RSA offers the only complete portfolio of Authentication, access control and key management solutions that extend protection and ownership across the lifecycle of sensitive data, as it is created, accessed, shared, stored and moved. From the datacenter to the cloud, organizations can remain protected, compliant and in control, no matter where their business takes them.
The RSA SecurID authentication mechanism consists of a "token", either hardware (e.g. a key fob or USB dongle) or software (a soft token), which is assigned to a computer user and which generates an authentication code at fixed intervals (usually 60 seconds) using a built-in clock and the token's factory-encoded random key (known as the "seed"). The seed is different for each token and is loaded into the corresponding RSA SecurID server (RSA Authentication Manager, formerly ACE/Server) as the tokens are purchased. In the SecurID scheme the seed record is the secret key from which the one-time passwords are derived, so anyone holding a token's seed can compute its codes: protecting seed files on the server side matters as much as protecting the tokens themselves.
The token hardware is designed to be tamper-resistant to deter reverse engineering. When software implementations of the same algorithm ("software tokens") appeared on the market, the security community published code allowing a user to emulate RSA SecurID in software, but only given a current SecurID code and the original seed file that was imported into the server. Newer tokens also feature a USB connector, which allows the token to be used as a smart-card-like device for securely storing certificates.
A user authenticating to a network resource, say a dial-in server or a firewall, enters both a personal identification number (PIN) and the number being displayed at that moment on their RSA SecurID token. Some systems using RSA SecurID disregard the PIN altogether and rely on password/SecurID-code combinations. The server, which also has a real-time clock and a database of valid tokens with the associated seed records, computes what number the token is supposed to be showing at that moment, checks it against what the user entered, and decides whether to allow or deny access. Because the two clocks drift, the server in practice accepts codes from a small window of adjacent intervals and, to stop replay of a captured code, rejects any code it has already accepted.
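The following is an added example, not RSA's code: SecurID's code derivation is proprietary, so this uses the open HMAC-based scheme of RFC 4226/6238, which has the same shape (a per-token secret seed, a clock on both sides, and a server that recomputes the expected code). It assumes a constructed seed (the RFC 6238 reference secret), a 30-second interval, 8-digit codes, a PIN prefixed to the code, a tolerance of one interval of clock drift, and a per-user watermark so an already-accepted code is refused when replayed. All of these parameters are assumptions made for the illustration.

```python
"""Time-synchronized OTP with server-side verification (RFC 4226/6238 style).

Added illustration; not RSA's proprietary SecurID algorithm. Same shape:
per-token secret seed, clocks on both sides, server recomputes the code.
"""
import hashlib
import hmac
import struct

# Constructed demo seed: the RFC 6238 reference secret, ASCII "12345678901234567890".
# A real token's seed is random and lives only in the token and the server's seed record.
DEMO_SEED = b"12345678901234567890"
STEP_SECONDS = 30   # assumption: 30 s interval (SecurID hardware typically uses 60 s)
DIGITS = 8          # assumption: 8-digit codes, matching the RFC 6238 test vectors


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(seed, unix_time // step, digits)


class OtpServer:
    """Minimal authentication server: holds seed records, checks PIN + OTP."""

    def __init__(self, step: int = STEP_SECONDS, drift_steps: int = 1):
        self.step = step
        self.drift_steps = drift_steps   # accept +/- this many intervals of clock skew
        self.records = {}                # user -> (seed, pin)
        self.last_counter = {}           # user -> highest counter already accepted

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        self.records[user] = (seed, pin)
        self.last_counter[user] = -1

    def verify(self, user: str, passcode: str, now: int) -> bool:
        """passcode is the PIN followed by the digits shown on the token at time `now`."""
        record = self.records.get(user)
        if record is None or len(passcode) != len(record[1]) + DIGITS:
            return False
        seed, pin = record
        # Constant-time comparisons; evaluate PIN and OTP both so a wrong PIN
        # does not short-circuit and leak which half was wrong via timing.
        pin_ok = hmac.compare_digest(passcode[:len(pin)].encode(), pin.encode())
        otp = passcode[len(pin):].encode()
        current = now // self.step
        matched = None
        for candidate in range(current - self.drift_steps, current + self.drift_steps + 1):
            if candidate <= self.last_counter[user]:
                continue             # already consumed: a replayed code must fail
            if hmac.compare_digest(hotp(seed, candidate).encode(), otp):
                matched = candidate
        if not (pin_ok and matched is not None):
            return False
        self.last_counter[user] = matched   # advance the replay watermark
        return True


if __name__ == "__main__":
    server = OtpServer()
    server.enroll("alice", DEMO_SEED, "1234")
    t = 59
    code = totp(DEMO_SEED, t)                               # what the token displays at t
    print("token shows", code)                              # 94287082 for the RFC seed at t=59
    print("accepted:", server.verify("alice", "1234" + code, t + 1))   # True (one step of drift)
    print("replayed:", server.verify("alice", "1234" + code, t + 1))   # False
```

Two points the prose above leaves implicit are visible here: the server never needs the token, only the seed record, which is why a leaked seed file is equivalent to a cloned token; and the drift window that keeps real deployments usable is exactly what makes the replay watermark necessary, because without it a code observed over the shoulder stays valid for up to three intervals.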
Fortinet User Authentication products offer a robust response to the challenges today’s businesses face in the verification of user and device identity. FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including single sign on services, certificate management, and guest management.
WatchGuard’s multi-factor authentication (MFA) solution not only reduces network disruptions and data breaches arising from weak or stolen credentials, but delivers this capability entirely from the Cloud for easy set-up and management. Moreover, AuthPoint® goes beyond traditional 2-factor authentication (2FA) by incorporating additional ways to identify users, such as its Mobile Device DNA. With a large ecosystem of 3rd-party integrations, strong protection can be consistently deployed across the network, VPNs and Cloud applications, wherever it is needed. Even non-technical users find the AuthPoint mobile app easy and convenient to use. Ultimately, WatchGuard positions AuthPoint as the solution to make MFA a reality for businesses that need it to block credential-based attacks.
Multi-factor authentication serves a vital function within any organization -securing access to corporate networks, protecting the identities of users, and ensuring that a user is who he claims to be.
Evolving business needs around cloud applications and mobile devices, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control.
Authentication is one piece of the Access Management pie. Identity and Access Management solutions provide a framework for granting and requesting access to applications, enforcing access controls and ensuring visibility into access events. That’s where SafeNet Trusted Access comes in.
SafeNet Trusted Access is an access management service that combines the convenience of single sign-on with granular access security. By validating identities, enforcing access policies and applying smart single sign-on, organizations can ensure secure, convenient access to numerous cloud and web-based applications from one easy-to-navigate console.
IAM Cloud is an identity management service hosted on the Microsoft Azure cloud. It provides identity and federation services without the need for on-premises servers such as DirSync and ADFS. With IAM Cloud, organizations get the benefits of identity management without the hassle, cost and sustainability concerns of managing 4-8 extra servers. Thales has partnered with IAM Cloud to provide IAM Secure, a hosted authentication solution that is completely cloud based: there is no on-site hardware to manage, and because the OTP delivery channel is a mobile phone, there is no cost to deploy OTP hardware. IAM Cloud Secure integrates with Thales Authentication Solutions for strong, multi-factor authentication.
A complete IAM solution that delivers effective security.
Designed with ease of use for the user and the team managing IAM in mind. SecurEnvoy IAM provides Single Sign On, Adaptive Multi-Factor Authentication, Access Management and User Life Cycle management.
Delivers effortless onboarding, user interaction and administration.
Active identity database supported by a robust, fully integrated Universal Directory (UD) as the Single Source of Truth (SSOT).
Underpinned by IRAD, an AI/machine-learning engine for intelligent reporting and anomaly detection.
If you don’t know who has access to your applications and data, you probably have security and compliance gaps you haven’t even thought about.
With IdentityIQ at the center of your enterprise, you can control access to every file and application across your hybrid IT environment by employees, partners, contractors — even bots.
IdentityIQ enables you to:
Connect to 99% of applications and data, then use a wizard setup and preconfigured workflows to onboard them in hours, instead of weeks.
Integrate governance controls with your mission-critical apps, like AWS, SAP and Salesforce, so users can only access the information they need to do their job.
Receive AI-driven recommendations from SailPoint Predictive Identity to help you determine when it’s safe to grant user access.
Protect and govern access across millions of identities, billions of points of access and tens of thousands of applications and data sources.
The PowerBroker Privileged Access Management Platform integrates with SailPoint IdentityIQ, enabling organizations to effectively manage user access for both privileged and non-privileged accounts. IT organizations get full visibility into not only role assignments and user access, but also all ongoing user and role activity including asset risk with advanced analytics.
Key capabilities include:
Streamline the Role Delegation Process: Delegate roles in Active Directory or LDAP accounts from SailPoint IdentityIQ into PowerBroker Password Safe, simplifying user administration and system access.
Centralize Role Management: Improve workflow and consistency by managing all user roles through the BeyondTrust Privileged Access Management Platform for least privileged access through Password Safe storage.
Enforce Policies Consistently: Leverage filters in the PowerBroker Privileged Access Management Platform to specify when and which policies from SailPoint IdentityIQ should apply to which assets by Role.
Delegate Vulnerability Information: Utilize SailPoint IdentityIQ Roles to control vulnerability management tasks from allowing IT to view assets, run scans, review individual results, deploy patches, and generate vulnerability management risk reports by team.
Review Privileged Access: SailPoint IdentityIQ Roles can delegate privileged access tasks by reviewer, auditor, and rule creator for any platform including Unix, Linux, Windows, and Mac – reducing risk with privileged access management and identity and access management.
Complete Role Integration & Import: When a user is added to a role within SailPoint IdentityIQ, membership in this role provides direct access to the PowerBroker Platform, providing controlled privileged access and complete auditing of privileged user activity. The account and its entitlement access data is fed back to IdentityIQ directly via API, providing organizations with complete visibility into user access.
Dynamic Entitlement Export & Reporting: All entitlements granted by the PowerBroker Platform are provided directly to SailPoint via API, providing complete support of out-of-station processes defined in IdentityIQ by including ad hoc reviews of user access as well as automated access certifications.
Automated Safe Enabling API: Direct API-based integration provides immediate provisioning of and visibility into all privileged access. Depending on role membership, users may be granted immediate run time access to request passwords or sessions for managed privileged accounts, and be provided granular least privilege policies. This access is fed back into IdentityIQ allowing an organization complete control of privileged access and visibility down to the keystroke.
Dynamic Activity Audit & Reporting: The PowerBroker Platform provides complete visibility and control of privileged access and extensive reporting, allowing organizations to effectively answer the question: is that access being used appropriately?
One Identity Privileged Access Management (PAM) solutions mitigate security risks and enable compliance. Now available as a SaaS-delivered or traditional on-prem offering. You can secure, control, monitor, analyze and govern privileged access across multiple environments and platforms, with the flexibility to provide the full credential when necessary or to limit access in line with Zero Trust and least-privilege operating models.