operating-systems security

Definition

User Authentication

User authentication is the process by which a system verifies the claimed identity of a user or process before granting it access. It establishes who the principal is; what that principal may then do is a separate decision (authorization).

Authentication Factors

Authentication typically relies on one or more of the following:

  1. Possession: Something the user has (e.g., a physical key, chip card, or token).
  2. Attribute (Biometrics): Something the user is (e.g., fingerprint, iris scan, facial recognition).
  3. Knowledge: Something the user knows (e.g., a password or PIN).

Combining factors from different categories (multi-factor authentication) forces an attacker to defeat more than one of them; two passwords are still a single factor.

Passwords

Passwords are the most common authentication factor and usually the weakest: they are chosen by people, reused across systems, and can be guessed or stolen without the user noticing.

  • Vulnerabilities: Default passwords left unchanged, dictionary attacks, brute-forcing short passwords, and social engineering (simply asking the user for it).
  • Search Space: The number of possible 7-character passwords drawn from the 95 printable ASCII characters is 95^7 ≈ 7 × 10^13. That sounds large, but an attacker testing stolen hashes offline at 10^9 guesses per second exhausts it in about 20 hours, and real passwords occupy a tiny, highly predictable corner of that space.
  • Salt: Before hashing, the system appends a few random bits (the salt) to the password and stores the salt in the clear next to the hash. The salt is not a secret; its purpose is to defeat precomputed attacks such as rainbow tables, because a table would now need a separate entry for every possible salt value: a 12-bit salt multiplies the precomputation by 2^12 = 4096, and two users with the same password get different hashes. Salt does not slow down a targeted brute force of one account, since the attacker reads the salt alongside the hash; that is the job of a deliberately slow hash function.
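The following is an added example, not code from the page: it shows the search-space arithmetic above, the unsalted scheme that a precomputed table cracks with one lookup, and a salted scheme under which the same attacker must re-hash every candidate per account. It assumes PBKDF2-HMAC-SHA256 as the slow hash, a 16-byte random salt, and a small constructed wordlist; the hash choice and parameters are assumptions, not something the page specifies.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Added example, not code from the page. Assumptions: PBKDF2-HMAC-SHA256 as the
# password hash, a 16-byte random salt, and a small constructed wordlist.
PRINTABLE_ASCII = 95       # printable 7-bit ASCII characters
ITERATIONS = 100_000       # PBKDF2 work factor: this is the "slow hash" defence, not the salt


def search_space(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols from a `charset_size` alphabet."""
    return charset_size ** length


def unsalted_hash(password: str) -> bytes:
    """The weak scheme: a bare hash, so equal passwords give equal digests for every user."""
    return hashlib.sha256(password.encode()).digest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Salted scheme: returns (salt, digest). A fresh random salt is drawn if none is given.
    Both values are stored in the password file; the salt is not a secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, stored)


def build_precomputed_table(wordlist: List[str]) -> Dict[bytes, str]:
    """Attacker's precomputation (a one-column rainbow table): unsalted digest -> password.
    Built once, it cracks every unsalted password file with a single lookup per entry."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_unsalted(stored: bytes, table: Dict[bytes, str]) -> Optional[str]:
    """One dictionary lookup per stored hash; no hashing at attack time."""
    return table.get(stored)


def crack_salted(salt: bytes, stored: bytes, wordlist: List[str],
                 iterations: int = ITERATIONS) -> Optional[str]:
    """With a per-user salt no table applies; every candidate must be re-hashed per account."""
    for w in wordlist:
        if verify_password(w, salt, stored, iterations):
            return w
    return None


if __name__ == "__main__":
    print(search_space(PRINTABLE_ASCII, 7))   # 69833729609375, about 7e13
    print(2 ** 12)                            # 4096: table entries per password with a 12-bit salt

    wordlist = ["password", "letmein", "hunter2"]            # constructed sample
    table = build_precomputed_table(wordlist)
    print(crack_unsalted(unsalted_hash("hunter2"), table))  # hunter2, one lookup

    salt_a, digest_a = hash_password("hunter2")
    salt_b, digest_b = hash_password("hunter2")
    print(digest_a != digest_b)                             # True: same password, different salts
    print(crack_salted(salt_a, digest_a, wordlist))         # hunter2, but only after re-hashing per salt
```

The last line is the practitioner's caveat in code: the salted password still falls to a wordlist attack, only now at the full cost of one PBKDF2 computation per candidate per account, which is why the iteration count, not the salt length, governs how expensive a targeted attack is.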

Countermeasures

  • One-time Passwords (OTP): Codes valid for a single login (generated by a token or app, or delivered out of band), so a code captured by a keylogger or by shoulder surfing is worthless afterwards.
  • Challenge-Response: The system sends a fresh random challenge (a nonce); the user, or a device acting for the user, answers with a value computed from the challenge and a secret key. The secret itself is never transmitted, and because every challenge is new, a recorded answer cannot be replayed.
  • Login Delays: Intentionally slowing the system down after failed attempts (or locking the account after a threshold) to throttle online guessing. Note the trade-off: an attacker who knows a user name can deliberately trigger the delay or lockout to deny that user service.
  • Logging: Recording each login attempt and showing the user the date/time (and origin) of the last successful login, so that an unauthorized use of their account becomes visible to them.
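The challenge-response exchange described above, as an added example that is not part of the page: both sides of one round trip, plus the two checks that make it work, a wrong key failing and a captured response being rejected on replay. It assumes a per-user shared secret provisioned out of band, HMAC-SHA256 as the response function, and a 16-byte random nonce as the challenge; the `Server` class, `compute_response` and `run_exchange` are illustrative names, not from any real protocol.

```python
import hashlib
import hmac
import os
from typing import Dict

# Added example, not code from the page. Assumptions: a per-user shared secret
# provisioned out of band, HMAC-SHA256 as the response function, and a 16-byte
# random nonce as the challenge.


def compute_response(key: bytes, user: str, nonce: bytes) -> bytes:
    """Client side: prove knowledge of `key` without sending it. Binding the user
    name into the MAC input stops a response for one account being reused for another."""
    return hmac.new(key, user.encode() + b"\x00" + nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, shared_secrets: Dict[str, bytes]):
        self._secrets = dict(shared_secrets)   # user -> key; never leaves the server
        self._pending: Dict[str, bytes] = {}   # user -> outstanding nonce, single use

    def challenge(self, user: str) -> bytes:
        """Issue a fresh random nonce; it replaces any earlier unanswered challenge."""
        nonce = os.urandom(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Accept only a response to the one outstanding nonce, then discard that nonce
        whatever the outcome, so a captured response cannot be replayed."""
        nonce = self._pending.pop(user, None)
        key = self._secrets.get(user)
        if nonce is None or key is None:
            return False
        expected = compute_response(key, user, nonce)
        return hmac.compare_digest(expected, response)


def run_exchange(server: Server, user: str, client_key: bytes) -> bool:
    """One complete round trip: challenge -> response -> verdict."""
    nonce = server.challenge(user)                          # server -> client: nonce
    response = compute_response(client_key, user, nonce)    # client -> server: MAC over nonce
    return server.verify(user, response)


if __name__ == "__main__":
    secret = os.urandom(32)                          # provisioned to alice out of band
    srv = Server({"alice": secret})
    print(run_exchange(srv, "alice", secret))        # True
    print(run_exchange(srv, "alice", b"guess" * 6))  # False: wrong key
    nonce = srv.challenge("alice")
    resp = compute_response(secret, "alice", nonce)
    print(srv.verify("alice", resp))                 # True
    print(srv.verify("alice", resp))                 # False: replay of a spent nonce
```

Two design points carry the security argument: the nonce comes from the operating system's CSPRNG and is consumed on first use, so an eavesdropper who records a valid response holds nothing that will verify again; and the comparison is constant-time, so the server's timing does not leak how many leading bytes of a forged response were right.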