User authentication can be understood to be the act of proving to a computer-based system that a user is who she or he claims to be (i.e., authentication of the identity of the user). User authentication is often described in terms of something you know (e.g., a password), something you have (e.g., an ATM card), or something you are (e.g., fingerprint). User authentication is the process of verifying one or more of these factors.
For example, a typical computer user is required to authenticate himself for a wide variety of purposes, such as logging in to a computer account, retrieving e-mail from servers, accessing certain files, databases, networks, web sites, etc. In banking applications, a bank account holder is required to enter a personal identification number (PIN) in order to access an automated teller machine (ATM) to conduct a banking transaction.
The main problem to be solved is authenticating in a convenient and secure way. Many systems for user authentication are available although none are completely satisfactory. For example, existing authentication solutions typically have a user type a password or personal identification number (PIN), also called credentials.
Using passwords is both tedious and often not very secure. For example, others can see or overhear passwords. A major problem is remembering multiple passwords and users are forced either to use the same password for all authentication systems (not secure) or forever recover/reset passwords as they become forgotten. Users may choose very simple, easily ascertained passwords. If a more difficult password is chosen, the user may write the password down, making it subject to theft. Broadly speaking, there is a continuum with passwords—those that are easy to remember and those that that are obscure, making them harder to guess. To date, authenticators have been singular. You have a password. You lose it, you need a new one.
Biometrics such as fingerprints, retinal scans, and voice characteristics can also be used to help uniquely identify an individual. However, biometrics can and will be spoofed. For example, a user's fingerprint can be recreated from an existing sample and used to fool a fingerprint scanner.
As a result, improved methods and apparatuses for user authentication are needed.