the.com/authentication
proving you are who you claim, one password at a time, badly.
means the process of verifying an identity before granting access, usually via something you know, have, or are.
from from greek authentikos, meaning original or genuine — the same root that gave us authentic, because the whole point is telling the real thing from a forgery.
three factorsknowledge, possession, inherence — password, phone, fingerprint
weakest linkmost breaches start with stolen, reused passwords
mfa impactmicrosoft says it blocks over 99 percent of account attacks
not authorizationproving who you are differs from what you are allowed to do
for instance
oauth — lets you log into apps using google or facebook, since 2010
yubikey — physical usb key, used by google internally since 2017
face id — apple's face-scan unlock, shipped on iphone x in 2017
kerberos protocol — mit's 1988 ticket system, still runs windows active directory