User authentication can be understood to be the act of proving to a computer-based system that a user is who she or he claims to be (i.e., authentication of the identity of the user). User authentication is often described in terms of something you know (e.g., a password), something you have (e.g., an ATM card), or something you are (e.g., fingerprint). User authentication is the process of verifying one or more of these factors.
For example, a typical computer user is required to authenticate himself for a wide variety of purposes, such as logging in to a computer account, retrieving e-mail from servers, accessing certain files, databases, networks, web sites, etc. In banking applications, a bank account holder is required to enter a personal identification number (PIN) in order to access an automated teller machine (ATM) to conduct a banking transaction. The need for secure authentication is accelerating in response to more and more sophisticated and creative methods of breaching systems and compromising information.
The main problem to be solved is authenticating in a convenient and secure way. Many systems for user authentication are available although none are completely satisfactory. For example, existing authentication solutions typically have a user type a password or personal identification number (PIN), also called credentials.
Using passwords is both tedious and often not very secure. For example, others can see or overhear passwords. A major problem is remembering multiple passwords and users are forced either to use the same password for all authentication systems (not secure) or forever recover/reset passwords as they become forgotten. Broadly speaking, there is a continuum with passwords—those that are easy to remember and those that that are obscure, making them harder to guess. Users may choose very simple, easily ascertained passwords. If a more difficult password is chosen, the user may write the password down, making it subject to theft.
As a result, improved methods and apparatuses for user authentication are needed.