Authentication is how you confirm someone is who they say they are (and how apps confirm it, too).
Story: Snout Recognition Is Not Enough
How do you know who someone is, for sure?
Until recently, it didn’t matter to businesses. Most customers showed up in person, and paid in cash. Most merchants knew their customers by sight. Very occasionally, you might get asked to see a drivers license.
But suddenly we spend so much time (and money) online, that authentication is key to doing business safely. It’s just too easy to impersonate someone online.
Here’s a saying to help understand authentication: “Something You Are, Something You Know, Something You Have.“
Let’s pretend you’re running an Internet banking app, and a dog tries to log in and make a withdrawal. (‘On the Internet, no one knows that you’re a dog’ was one of the first memes)
The dog types in her password (“something you know“), but that’s not enough… because it’s too easy to steal passwords.
The dog then agrees to ‘snout recognition,’ (“something you are“) and turns on her camera, allowing you to scan her snout and match it to your biometrics database. But the match is only 97% confidence to the picture on file.
The dog then scans her city-issued name tag (“something you have“) in front of the camera, with her license number.
Bingo! You now have very good “three-factor authentication” on this dog, which is the best type of authentication. It hard to imagine an imposter dog would be able to spoof this – they might know her password, but wouldn’t be able to also spoof her snout, and produce an exact replica of her tag as well.
Most websites and apps still just use a password (‘single factor authentication’ – or something you know). But more of them are adding a second factor based on your phone (something you have), like texting a special code, or using facial recognition capability (something you are) as the second factor.
As criminals get better at stealing identities, authentication keeps getting more difficult to do. Businesses want to make it easy for customers to do business, while also doing as much authentication as possible.
So to protect yourself from theft, you should always use at least two factor authentication (something you know, something you have or are) on your most important accounts.
But if you’re running a lemonade stand and don’t care too much who is buying… maybe just ask for the cash!