Changes

Security+ - Authentication and Identity Verification

31 bytes added, 19:20, 18 March 2009
m
Username and Password
Perhaps the most rudimentary and least secure level of authentication involves the use of a username and password to access a system. This approach simply involves presenting a user with prompts for a username and password, which if entered correctly will permit access to the system. For many years this was the primary method of authentication control.
<google>ADSDAQBOX_FLOW</google>
The weakest form of username and password authentication uses ''plain text'' communication where both credentials are transmitted to the server in an unencrypted format allowing anyone eavesdropping on the connection using ''sniffing'' technology to easily identify the user name and password and subsequently use them to gain unauthorized system access. Remote access technology such as ''telnet'' use plain text when presenting authentication credentials. For this reason alone the use of telnet for providing remote access to systems has been largely discontinued in favor of encrypted alternatives.