Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Security

What is Authentication?

The process of verifying that someone or something is who or what they claim to be. Authentication answers 'Are you who you say you are?'—distinct from authorization, which answers 'What are you allowed to do?'

Also known as: Auth, Identity verification

Authentication is the gatekeeper. Without it, anyone could pretend to be you.

Authentication Factors

Something You Know

  • Passwords, PINs, security questions
  • Weakest factor—can be stolen, guessed, or phished

Something You Have

  • Phone (SMS, authenticator app)
  • Hardware security key (YubiKey)
  • Smart card

Something You Are

  • Fingerprint, face, iris
  • Biometrics—convenient but can't be changed if compromised

Multi-Factor Authentication (MFA)

Using two or more factors dramatically improves security:

  • 2FA: Password + phone or authenticator app
  • Phishing-resistant MFA: FIDO2/WebAuthn keys that can't be phished
  • Passwordless: Biometric + hardware key, no password at all

Authentication and Privacy

Authentication can conflict with privacy:

  • Centralized auth: Google, Facebook login—they know everywhere you sign in
  • Federated identity: Sign in with one provider across many sites
  • Self-sovereign: You control your identity, minimal disclosure
  • Anonymous auth: Prove you're human or have permission without revealing identity (zero-knowledge proofs)

Related Terms

Password Reuse

The dangerous practice of using the same password across multiple accounts — meaning that when one service is breached, attackers can access all other accounts sharing that password through automated credential stuffing attacks.

Two-Factor Authentication

A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.

Zero-Knowledge Proof

A cryptographic method by which one party can prove to another party that they know a value, without conveying any information apart from the fact that they know the value. This allows authentication and verification without exposing sensitive data.

Have more questions?

Use our guided flow to get the right next privacy step for Authentication.

Open Guided Flow