You are here

Authentication

See the Authentication Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Authentication is a verification that confirms that a person/account is who the person/account says he or she is. There are three common factors of authentication:

  • something you know (e.g., knowledge of something such as password, passphrase, pin),
  • something you have (e.g., ownership of something such as smart card, digital certificate) and
  • something you are (e.g., characteristic of the person such as fingerprint, retinal pattern).

Single-factor authentication uses a single factor of authentication (e.g., something you know) to verify the identity of the user/account requesting access to resources. User login ID with a password, passphrase or pin is single-factor authentication. Use of multiple passwords is still considered single-factor authentication.

Multi-factor authentication uses two or more factors of authentication (e.g., something you know and something you have) to verify the identity of the user/account requesting access to resources. User login ID and password used in conjunction with a hardware token/phone is two-factor authentication.

Use multi-factor authentication in situations that need a stronger form of authentication.

IT staff are responsible for working with users, data owners and service directors to identify where multi- factor or single-factor authentication is needed.

Users, data owners and service directors are responsible for working with IT staff to properly use the appropriate authentication(s) for their support or user role(s).

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014