Authentication

Passwords, biometrics, and multi-factor: proving you are who you say.

Proving Who You Are

Security starts with identity. Before the OS can decide what you're allowed to do, it needs to know who you are. Authentication is the process of verifying that you are who you claim to be. It's the front door to your computer: if it's weak, everything behind it is at risk.

The Three Factors of Authentication

Authentication relies on one or more of three factors:

  • Something you know: Passwords, PINs, security questions. The most common method, but also the most vulnerable: passwords can be guessed, stolen, or cracked.
  • Something you have: Smart cards, security tokens, phone-based authenticators. These are physical objects that prove your identity. Losing them is a problem, but they're much harder to guess than passwords.
  • Something you are: Biometrics, such as fingerprints, facial recognition, iris scans, and voice patterns. These are unique to you and can't be easily shared or stolen. But they can't be changed if compromised (you can't get new fingerprints).

Passwords: Still the Standard

Despite their weaknesses, passwords remain the most widely used authentication method. A strong password should be:

  • At least 12 characters long.
  • A mix of uppercase, lowercase, numbers, and symbols.
  • Not based on dictionary words, names, or predictable patterns.
  • Unique for each account: no reusing passwords across sites.

Operating systems store passwords as hashes (one-way mathematical transformations). When you enter your password, the OS hashes it and compares it to the stored hash. The actual password is never stored in plaintext, so even if an attacker reads the password file, they can't easily recover the original passwords.

Multi-Factor Authentication (MFA)

Using just one factor (like a password) is risky. If the password is compromised, the attacker has full access. Multi-factor authentication requires two or more factors, typically a password plus something else.

Common MFA methods include:

  • SMS codes: A one-time code sent to your phone. Better than nothing, but vulnerable to SIM-swapping attacks.
  • Authenticator apps: Google Authenticator, Authy, or Microsoft Authenticator generate time-based codes. More secure than SMS.
  • Hardware tokens: Physical devices like YubiKey that generate cryptographic codes. Very secure but require carrying an extra device.
  • Biometrics: Fingerprint or face recognition combined with a password.

MFA dramatically reduces the risk of unauthorized access. Even if your password is stolen, the attacker still needs the second factor.

Pluggable Authentication Modules (PAM)

Unix and Linux systems use a framework called PAM (Pluggable Authentication Modules) that allows the OS to support different authentication methods without changing the underlying programs. You can configure PAM to require passwords, biometrics, tokens, or any combination, and swap methods without rewriting software.

This flexibility is why Linux can support everything from simple password logins to complex multi-factor authentication setups across different applications.

🧪 Quick Quiz

What is multi-factor authentication?