Learning Objectives

By the end of this chapter, you will be able to:

  • Define unauthorized access.
  • Describe the three main types of authentication.
  • Explain the importance of strong passwords and two-factor authentication.

Unauthorized Access

Unauthorized access is the act of gaining access to a computer system, network, or data without permission. This is a major security threat that can lead to data theft, fraud, and system damage.

Protection: Access Control and Authentication

The primary way to protect against unauthorized access is through access control, which is the process of restricting access to resources. Access control is typically based on authentication, which is the process of verifying the identity of a user.

There are three main factors (or types) of authentication:

  1. Something you know: This is the most common form of authentication.
    • Example: A password or a PIN.
  2. Something you have: This involves possessing a physical object.
    • Example: An ATM card, a smart card, or a security token that generates a one-time code.
  3. Something you are: This uses a unique physical characteristic of the user.
    • Example: Biometrics, such as a fingerprint scan, facial recognition, or an iris scan.

Strong Authentication

To provide strong security, it is best to use more than one factor of authentication. Two-Factor Authentication (2FA) combines two of these different factors. For example, to access your bank account, you might need your password (something you know) and a one-time code sent to your phone (something you have).

Summary

Unauthorized access is a major security threat. The main defense against it is authentication, the process of verifying a user’s identity. Authentication can be based on something the user knows (a password), has (a token), or is (a fingerprint). The strongest security is achieved by using two-factor authentication, which combines two of these different methods.

Key Takeaways

  • Unauthorized access is gaining access without permission.
  • Authentication is the process of verifying identity.
  • The three factors of authentication are something you know, have, and are.
  • Two-factor authentication (2FA) provides the strongest security.

Discussion Questions

  1. What makes a password “strong”?
  2. What are the potential privacy concerns with using biometrics for authentication?
  3. What are some common websites or services you use that offer two-factor authentication?