What is Authentication?
The Basics of Authentication
Authentication is often described as the process of “verifying that a user is who he claims to be”. When you log in to a Website, the Website is authenticating you, i.e., it is verifying that you are who you claim to be.
The entity being authenticated may be a human user like you in the preceding example, or it may be a program or a device. The entity that is being authenticated is usually referred to as the subject.

The authenticating system, such as a Web application, does not recognize a human subject (“John Doe” in the example above) the way another person who knows him might; it is usually a program or a device, after all. If it doesn’t even recognize you in the first place, how is it able to authenticate you, i.e., verify that the entity is indeed you?
Well, the short answer is: it first identifies you (the subject), and it then authenticates you by verifying that you own that identity. Let’s talk more about the two concepts below.
Identification is the process of uniquely identifying a subject. The username — a type of subject identifier — you enter upon login tells the system that it’s dealing with a subject that has an identity represented by the specified username. A username “jdoe” may identify the subject whose name is “John Doe” and whose email address is john.doe@example.org, for example.
Authentication, on the other hand, is the process of verifying that the identified subject has ownership of that identity. The secret password “John Doe” enters upon login, if correct, gives the system proof that he owns the identity represented by the username “jdoe”.
Of course, if you shared your username (the identity) and password (the proof that you own the identity) with your friend, and your friend logs in with them, the authenticating system will in all likelihood assume that the subject — your friend — is you.
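To make the two steps concrete, here is a small added Python example (not code from the original post): a login routine that first identifies the subject by username and then authenticates by checking the offered password against a stored salted hash. The subject “jdoe” and the sample password are constructed for the example.

```python
import hashlib
import hmac
import os
from enum import Enum


class Outcome(Enum):
    SUCCESS = "subject identified and ownership of the identity proven"
    UNKNOWN_SUBJECT = "identification failed: no subject with that username"
    BAD_PROOF = "authentication failed: password does not prove ownership"


def _derive(password: str, salt: bytes) -> bytes:
    # The system never stores the password itself, only a salted PBKDF2 hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(directory: dict, username: str, password: str) -> None:
    salt = os.urandom(16)
    directory[username] = (salt, _derive(password, salt))


def login(directory: dict, username: str, password: str) -> Outcome:
    # Step 1: identification. The username tells the system which identity
    # the subject claims; it does not prove anything yet.
    record = directory.get(username)
    if record is None:
        return Outcome.UNKNOWN_SUBJECT
    salt, stored = record
    # Step 2: authentication. A matching password is the proof of ownership.
    # compare_digest keeps the comparison time independent of where the
    # hashes first differ.
    if hmac.compare_digest(_derive(password, salt), stored):
        return Outcome.SUCCESS
    return Outcome.BAD_PROOF


# Constructed sample directory with a single subject, the "jdoe" of the post.
SUBJECTS: dict = {}
register(SUBJECTS, "jdoe", "correct horse battery staple")

if __name__ == "__main__":
    print(login(SUBJECTS, "jdoe", "correct horse battery staple"))  # SUCCESS
    print(login(SUBJECTS, "jdoe", "wrong"))                         # BAD_PROOF
    print(login(SUBJECTS, "nobody", "anything"))                    # UNKNOWN_SUBJECT
    # A friend who was given the same username and password gets SUCCESS too:
    # the system has no way to tell that the subject is not jdoe.
```

The distinct outcomes are useful inside the service for logging and rate limiting; a real login page would show the same generic message for UNKNOWN_SUBJECT and BAD_PROOF so the response does not reveal which usernames exist.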
That’s it for the first issue!