An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator.
In the simplest case, the authenticator is a common
password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
.
Using the terminology of the NIST Digital Identity Guidelines,
the party to be authenticated is called the ''claimant'' while the party verifying the identity of the claimant is called the ''verifier''. When the claimant successfully demonstrates possession and control of one or more authenticators to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
Classification
Authenticators may be characterized in terms of secrets, factors, and physical forms.
Authenticator secrets
Every authenticator is associated with at least one secret that the claimant uses to demonstrate possession and control of the authenticator. Since an attacker could use this secret to impersonate the user, an authenticator secret must be protected from theft or loss.
The type of secret is an important characteristic of the authenticator. There are three basic types of authenticator secret: a memorized secret and two types of cryptographic keys, either a symmetric key or a private key.
Memorized secret
A memorized secret is intended to be memorized by the user. A well-known example of a memorized secret is the common
password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
, also called a passcode, a
passphrase, or a
personal identification number
A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system.
The PIN has been the key to facilitatin ...
(PIN).
An authenticator secret known to both the claimant and the verifier is called a
shared secret
In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a password, a passphrase, a big number, o ...
. For example, a memorized secret may or may not be shared. A symmetric key is shared by definition. A private key is not shared.
An important type of secret that is both memorized and shared is the password. In the special case of a password, the authenticator is the secret.
Cryptographic key
A cryptographic authenticator is one that uses a
cryptographic key. Depending on the key material, a cryptographic authenticator may use
symmetric-key cryptography
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between ...
or
public-key cryptography
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic a ...
. Both avoid memorized secrets, and in the case of public-key cryptography, there are no
shared secret
In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a password, a passphrase, a big number, o ...
s as well, which is an important distinction.
Examples of cryptographic authenticators include OATH authenticators and FIDO authenticators. By way of counterexample, a password authenticator is not a cryptographic authenticator. See the
#Examples section for details.
=Symmetric key
=
A symmetric key is a shared secret used to perform symmetric-key cryptography. The claimant stores their copy of the shared key in a dedicated hardware-based authenticator or a software-based authenticator implemented on a smartphone. The verifier holds a copy of the symmetric key.
=Public-private key pair
=
A public-private key pair is used to perform public-key cryptography. The public key is known to (and trusted by) the verifier while the corresponding private key is bound securely to the authenticator. In the case of a dedicated hardware-based authenticator, the private key never leaves the confines of the authenticator.
Authenticator factors and forms
An authenticator is something unique or distinctive to a user (''something that one has''), is activated by either a
PIN (''something that one knows''), or is a
biometric
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify ...
("something that is unique to oneself"). An authenticator that provides only one of these factors is called a single-factor authenticator whereas a multi-factor authenticator incorporates two or more factors. A multi-factor authenticator is one way to achieve
multi-factor authentication
Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...
. A combination of two or more single-factor authenticators is not a multi-factor authentication, yet may be suitable in certain conditions.
Authenticators may take a variety of physical forms (except for a memorized secret, which is intangible). One can, for example, hold an authenticator in one's hand or wear one on the face, wrist, or finger.
It is convenient to describe an authenticator in terms of its hardware and software components. An authenticator is hardware-based or software-based depending on whether the secret is stored in hardware or software, respectively.
An important type of hardware-based authenticator is called a security key, also called a
security token (not to be confused with
access token
In computer systems, an access token contains the security credentials for a login session and identifies the user, the user's groups, the user's privileges, and, in some cases, a particular application. In some instances, one may be asked to en ...
s,
session tokens, or other types of security tokens). A security key stores its secret in hardware, which prevents the secret from being exported. A security key is also resistant to malware since the secret is at no time accessible to software running on the host machine.
A software-based authenticator (sometimes called a
software token) may be implemented on a general-purpose electronic device such as a
laptop, a
tablet computer
A tablet computer, commonly shortened to tablet, is a mobile device, typically with a mobile operating system and touchscreen display processing circuitry, and a rechargeable battery in a single, thin and flat package. Tablets, being comput ...
, or a
smartphone
A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whic ...
. For example, a software-based authenticator implemented as a
mobile app
A mobile application or app is a computer program or software application designed to run on a mobile device such as a phone, tablet, or watch. Mobile applications often stand in contrast to desktop applications which are designed to run on ...
on the claimant's smartphone is a type of phone-based authenticator. To prevent access to the secret, a software-based authenticator may use a processor's
trusted execution environment or a
Trusted Platform Module
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ch ...
(TPM) on the client device.
A platform authenticator is built into a particular client device platform, that is, it is implemented on device. In contrast, a roaming authenticator is a cross-platform authenticator that is implemented off device. A roaming authenticator connects to a device platform via a transport protocol such as
USB.
Examples
The following sections describe narrow classes of authenticators. For a more comprehensive classification, see the NIST Digital Identity Guidelines.
Single-factor authenticators
To use an authenticator, the claimant must explicitly indicate their intent to authenticate. For example, each of the following gestures is sufficient to establish intent:
* The claimant types a password into a password field, or
* The claimant places their finger on a fingerprint reader, or
* The claimant presses a button to indicate approval
The latter is called a test of user presence (TUP). To activate a single-factor authenticator (''something that one has''), the claimant may be required to perform a TUP, which avoids unintended operation of the authenticator.
A
password
A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
is a secret that is intended to be memorized by the claimant and shared with the verifier. Password authentication is the process whereby the claimant demonstrates knowledge of the password by transmitting it over the network to the verifier. If the transmitted password agrees with the previously shared secret, user authentication is successful.
OATH OTP
One-time passwords (OTPs) have been used since the 1980s. In 2004, an Open Authentication Reference Architecture for the secure generation of OTPs was announced at the annual
RSA Conference
The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia ...
. The
Initiative for Open Authentication (OATH) launched a year later. Two IETF standards grew out of this work, the
HMAC-based One-time Password (HOTP) algorithm and the
Time-based One-time Password (TOTP) algorithm specified by RFC 4226 and RFC 6238, respectively. By OATH OTP, we mean either HOTP or TOTP. OATH certifies conformance with the HOTP and TOTP standards.
A traditional password (''something that one knows'') is often combined with a one-time password (''something that one has'') to provide two-factor authentication.
Both the password and the OTP are transmitted over the network to the verifier. If the password agrees with the previously shared secret, and the verifier can confirm the value of the OTP, user authentication is successful.
One-time passwords are generated on demand by a dedicated OATH OTP authenticator that encapsulates a secret that was previously shared with the verifier. Using the authenticator, the claimant generates an OTP using a cryptographic method. The verifier also generates an OTP using the same cryptographic method. If the two OTP values match, the verifier can conclude that the claimant possesses the shared secret.
A well-known example of an OATH authenticator is the open-source
Google Authenticator,
a phone-based authenticator that implements both HOTP and TOTP.
Mobile Push
A mobile push authenticator is essentially a native app running on the claimant's mobile phone. The app uses public-key cryptography to respond to push notifications. In other words, a mobile push authenticator is a single-factor cryptographic software authenticator. A mobile push authenticator (''something that one has'') is usually combined with a password (''something that one knows'') to provide two-factor authentication. Unlike one-time passwords, mobile push does not require a shared secret beyond the password.
After the claimant authenticates with a password, the verifier makes an out-of-band authentication request to a trusted third party that manages a public-key infrastructure on behalf of the verifier. The trusted third party sends a push notification to the claimant's mobile phone. The claimant demonstrates possession and control of the authenticator by pressing a button in the user interface, after which the authenticator responds with a digitally signed assertion. The trusted third party verifies the signature on the assertion and returns an authentication response to the verifier.
The proprietary mobile push authentication protocol runs on an out-of-band secondary channel, which provides flexible deployment options. Since the protocol requires an open network path to the claimant's mobile phone, if no such path is available (due to network issues, e.g.), the authentication process can not proceed.
FIDO U2F
A
FIDO Universal 2nd Factor
Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in sma ...
(U2F) authenticator (''something that one has'') is a single-factor cryptographic authenticator that is intended to be used in conjunction with an ordinary web password. Since the authenticator relies on public-key cryptography, U2F does not require an additional shared secret beyond the password.
To access a U2F authenticator, the claimant is required to perform a test of user presence (TUP), which helps prevent unauthorized access to the authenticator's functionality. In practice, a TUP consists of a simple button push.
A U2F authenticator interoperates with a conforming web
user agent
In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content". A user agent is therefore a special kind of software agent.
Some prominent examples of u ...
that implements the U2F JavaScript API. A U2F authenticator necessarily implements the CTAP1/U2F protocol, one of the two protocols specified in the FIDO
Client to Authenticator Protocol
The Client to Authenticator Protocol (CTAP) or X.1278 enables a roaming, user-controlled cryptographic authenticator (such as a smartphone or a hardware security key) to interoperate with a client platform such as a laptop.
Standard
CTAP is comp ...
.
Unlike mobile push authentication, the U2F authentication protocol runs entirely on the front channel. Two round trips are required. The first round trip is ordinary password authentication. After the claimant authenticates with a password, the verifier sends a challenge to a conforming browser, which communicates with the U2F authenticator via a custom JavaScript API. After the claimant performs the TUP, the authenticator signs the challenge and returns the signed assertion to the verifier via the browser.
Multi-factor authenticators
To use a multi-factor authenticator, the claimant performs full user verification. The multi-factor authenticator (''something that one has'') is activated by a
PIN (''something that one knows''), or a
biometric
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify ...
(''something that is unique to oneself"; e.g. fingerprint, face or voice recognition''), or some other verification technique.
,
ATM card
To withdraw cash from an
automated teller machine
An automated teller machine (ATM) or cash machine (in British English) is an electronic telecommunications device that enables customers of financial institutions to perform financial transactions, such as cash withdrawals, deposits, f ...
(ATM), a bank customer inserts an ATM card into a cash machine and types a Personal Identification Number (PIN). The input PIN is compared to the PIN stored on the card's chip. If the two match, the ATM withdrawal can proceed.
Note that an ATM withdrawal involves a memorized secret (i.e., a PIN) but the true value of the secret is not known to the ATM in advance. The machine blindly passes the input PIN to the card, which compares the customer's input to the secret PIN stored on the card's chip. If the two match, the card reports success to the ATM and the transaction continues.
An ATM card is an example of a multi-factor authenticator. The card itself is ''something that one has'' while the PIN stored on the card's chip is presumably ''something that one knows''. Presenting the card to the ATM and demonstrating knowledge of the PIN is a kind of multi-factor authentication.
Secure Shell
Secure Shell
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
SSH applications are based ...
(SSH) is a client-server protocol that uses public-key cryptography to create a secure channel over the network. In contrast to a traditional password, an SSH key is a cryptographic authenticator. The primary authenticator secret is the SSH private key, which is used by the client to digitally sign a message. The corresponding public key is used by the server to verify the message signature, which confirms that the claimant has possession and control of the private key.
To avoid theft, the SSH private key (''something that one has'') may be encrypted using a
passphrase (''something that one knows''). To initiate a two-factor authentication process, the claimant supplies the passphrase to the client system.
Like a password, the SSH passphrase is a memorized secret but that is where the similarity ends. Whereas a password is a shared secret that is transmitted over the network, the SSH passphrase is not shared, and moreover, use of the passphrase is strictly confined to the client system. Authentication via SSH is an example of
passwordless authentication since it avoids the transmission of a shared secret over the network. In fact, SSH authentication does not require a shared secret at all.
FIDO2
The FIDO U2F protocol standard became the starting point for the
FIDO2 Project
The FIDO2 Project is a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C) whose goal is to create strong authentication for the web. At its core, FIDO2 consists of the W3C Web Authentication ( WebAuthn) standard and ...
, a joint effort between the World Wide Web Consortium (W3C) and the FIDO Alliance. Project deliverables include the W3C Web Authentication (
WebAuthn) standard and the FIDO
Client to Authenticator Protocol
The Client to Authenticator Protocol (CTAP) or X.1278 enables a roaming, user-controlled cryptographic authenticator (such as a smartphone or a hardware security key) to interoperate with a client platform such as a laptop.
Standard
CTAP is comp ...
(CTAP).
Together WebAuthn and CTAP provide a
strong authentication solution for the web.
A FIDO2 authenticator, also called a WebAuthn authenticator, uses public-key cryptography to interoperate with a WebAuthn client, that is, a conforming web
user agent
In computing, a user agent is any software, acting on behalf of a user, which "retrieves, renders and facilitates end-user interaction with Web content". A user agent is therefore a special kind of software agent.
Some prominent examples of u ...
that implements the WebAuthn
JavaScript
JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...
API.
The authenticator may be a platform authenticator, a roaming authenticator, or some combination of the two. For example, a FIDO2 authenticator that implements the CTAP2 protocol
is a roaming authenticator that communicates with a WebAuthn client via one or more of the following transport options:
USB,
near-field communication
Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1 in) or less. NFC offers a low-speed connection through a simple setup that can be u ...
(NFC), or
Bluetooth Low Energy (BLE). Concrete examples of FIDO2 platform authenticators include Windows Hello and the
Android operating system.
A FIDO2 authenticator may be used in either single-factor mode or multi-factor mode. In single-factor mode, the authenticator is activated by a simple test of user presence (e.g., a button push). In multi-factor mode, the authenticator (''something that one has'') is activated by either a
PIN (''something that one knows'') or a
biometric
Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify ...
("something that is unique to oneself").
Security code
First and foremost, strong authentication begins with
multi-factor authentication
Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...
. The best thing one can do to protect a personal online account is to enable multi-factor authentication.
There are two ways to achieve multi-factor authentication:
# Use a multi-factor authenticator
# Use a combination of two or more single-factor authenticators
In practice, a common approach is to combine a password authenticator (''something that one knows'') with some other authenticator (''something that one has'') such as a cryptographic authenticator.
Generally speaking, a
cryptographic authenticator is preferred over an authenticator that does not use cryptographic methods. All else being equal, a cryptographic authenticator that uses public-key cryptography is better than one that uses symmetric-key cryptography since the latter requires shared keys (which may be stolen or misused).
Again all else being equal, a hardware-based authenticator is better than a software-based authenticator since the authenticator secret is presumably better protected in hardware. This preference is reflected in the NIST requirements outlined in the next section.
NIST authenticator assurance levels
NIST defines three levels of assurance with respect to authenticators. The highest authenticator assurance level (AAL3) requires multi-factor authentication using either a multi-factor authenticator or an appropriate combination of single-factor authenticators. At AAL3, at least one of the authenticators must be a cryptographic hardware-based authenticator. Given these basic requirements, possible authenticator combinations used at AAL3 include:
# A multi-factor cryptographic hardware-based authenticator
# A single-factor cryptographic hardware-based authenticator used in conjunction with some other authenticator (such as a password authenticator)
See the NIST Digital Identity Guidelines for further discussion of authenticator assurance levels.
Restricted authenticators
Like authenticator assurance levels, the notion of a restricted authenticator is a NIST concept.
The term refers to an authenticator with a demonstrated inability to resist attacks, which puts the reliability of the authenticator in doubt. Federal agencies mitigate the use a restricted authenticator by offering subscribers an alternative authenticator that is not restricted and by developing a migration plan in the event that a restricted authenticator is prohibited from use at some point in the future.
Currently, the use of the
public switched telephone network
The public switched telephone network (PSTN) provides infrastructure and services for public telecommunication. The PSTN is the aggregate of the world's circuit-switched telephone networks that are operated by national, regional, or local telep ...
is restricted by NIST. In particular, the out-of-band transmission of one-time passwords (OTPs) via recorded voice messages or
SMS
Short Message/Messaging Service, commonly abbreviated as SMS, is a text messaging service component of most telephone, Internet and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text ...
messages is restricted. Moreover, if an agency chooses to use voice- or SMS-based OTPs, that agency must verify that the OTP is being transmitted to a phone and not an IP address since
Voice over IP
Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Interne ...
(VoIP) accounts are not routinely protected with multi-factor authentication.
Comparison
It is convenient to use passwords as a basis for comparison since it is widely understood how to use a password. On computer systems, passwords have been used since at least the early 1960s.
More generally, passwords have been used since ancient times.
In 2012, Bonneau et al. evaluated two decades of proposals to replace passwords by systematically comparing web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security. (The cited technical report is an extended version of the peer-reviewed paper by the same name.) They found that most schemes do better than passwords on security while ''every'' scheme does worse than passwords on deployability. In terms of usability, some schemes do better and some schemes do worse than passwords.
Google used the evaluation framework of Bonneau et al. to compare security keys to passwords and one-time passwords.
They concluded that security keys are more usable and deployable than one-time passwords, and more secure than both passwords and one-time passwords.
See also
*
Electronic authentication Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication proc ...
References
{{reflist
Authentication