Security and authentication - EduqasVerification and authentication

Verification and authentication check if a user is allowed access to a system. The most common method for verifying a user on a system is with a user ID and password.

Authentication checks to see if a user is allowed access to a system and that they are who they claim to be. It goes beyond verification to confirm details that only an individual would know, for example online checks asking for a mother’s maiden name.

The user ID checks to see if the name is on a list of possible users and the password is used to check if the user is who they claim to be. In the example below, the user can attempt to enter the ID and password three times before the system is locked.

userID is string password is string accepted is boolean attempts is integer set accepted = FALSE set attempts = 0 while accepted == FALSE while attempts < 3 input ““Enter user ID”, userID input “Enter password”, password if userID == storedID AND password == storedPassword set accepted = TRUE end if else output “User ID or password incorrect” set attempts = attempts + 1 end if end while if attempts = 3 output “System locked, access denied” HALT PROGRAM end if end while output “Access granted”

Additional methods to authenticate users

There are other methods which can authenticate a user of a system. These include:

• entering a PIN
• fingerprint or facial recognition
• sending an email to the user’s email address to ask them to confirm a new online payment
• asking users to answer security questions such as their mother’s maiden name or the name of their first pet - these would need to be answered by the user when the account is initially set up