Generally, authentication refers to the act of establishing or confirming something (or someone) as authentic. Typically, the process of authentication determines whether that claims made by or about someone or something are true. Authenticating an object may mean confirming its provenance, whereas authenticating a person often means verifying their identity.
In computer security, authentication generally refers to the process of attempting to verify the identity (e.g., digital identity) of an entity (e.g., a person, company, organization, group). For example, the sender of a communication such as a request to log in is authenticated. The sender being authenticated may, for example, be a person using a computer, a computer itself, or a computer program.
To distinguish authentication from the closely related term authorization, the shorthand notations A1 (authentication) and A2 (authorization) are occasionally used. The terms AuthN and AuthZ are also used to make this distinction in some communities. The problem of authorization is often thought to be identical to that of authentication as many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying an entity's (e.g., person's) identity, while authorization is the process of verifying that a known entity has the authority to perform a certain operation. As such, Authentication can precede authorization in such a manner as a person can be authenticated by showing proper identification to a bank teller prior to authorization for access to his or her bank account. However, the authenticated person would not be authorized to access someone else's account. Since authorization does not typically occur without authentication, the term is authorization can also refer to the combination of authentication and authorization.
Biometric authentication is a more recent development. Biometrics is generally known as the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication typically refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Examples of physical (or physiological or biometric) characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioral characteristics include signature, gait and typing patterns. Generally, behavioral biometric characteristics can have a physiological component, and, to a lesser degree, physical biometric characteristics can have a behavioral element. Some researchers have coined the term behaviometrics for behavioral biometrics such as typing rhythm or mouse gestures where the analysis can be done continuously without interrupting or interfering with user activities.
Authentication is an important part of a secure computing environment. As the use of computing devices is ever increasing, improved authentication techniques would be greatly beneficial.