Computer and Network Authentication

Patrick McDaniel, Pennsylvania State University


Meet Alice and Bob


Authentication Services

Web Authentication

Password-Based Web Access

Single Sign-On



Host Authentication

Remote Login


One-Time Passwords


Pretty Good Privacy


Wireless Networks

Interactive Media



Cross References


Authentication is the process by which the identity of an entity is established. Authenticating entities present credentials, such as passwords or certificates, as evidence of their identity. An entity is deemed authentic when the credentials it presents are valid and sufficient. Note that authentication does not determine which entities should be given access; it only verifies that an entity is who it claims to be. However, it is only after an entity is authenticated that its rights to resources can be assessed (through authorization). Hence, failure to correctly authenticate users on the Internet can leave on-line resources vulnerable to misuse.

This article considers the semantics, methods, and mechanisms for authentication on the Internet. The goals and principles of authentication are illustrated through several expository systems. The embodied trust, operation, and limitations of these systems are explored. The article concludes with a number of axioms for the selection and use of authentication systems on the Internet.


An authentication process establishes ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.
