User security contains three parts:
- Authentication
- Authorization
- Audit
Authentication simply means verifying who the user claims to be. There are three factors of authentication:
- Who you are
- What you know
- What you have
I am sure you have heard the term two-factor authentication everywhere. The more factors you use, the more secure authentication is. More factors also mean more inconvenience; otherwise, three-factor authentication would always be used.
Let's understand it with a few examples. Let's say you go to an ATM to withdraw money. How many factors are used? You pull out your ATM card (what you have), insert it, and enter your PIN (what you know). This is two-factor authentication.
How about online banking? You enter your username/password (what you know) and you are logged in. So only one factor is used. This is why, for commercial banking, banks give you a mobile token (what you have) from which you get a unique code each time, called a one-time password...