Authentication – a key element in enterprise password security
Reliable authentication is a critical element of enterprise password security. It is the process of verifying a user’s identity. In other words, making sure that only the people who have a right to access the system can do it.
When you’re signing up for a new website, you need to create a unique username and password.
When you’re coming back after some time, you type in the same login combination, known only by you. And you access the website.
So what happens behind the scenes of the authentication process?
Let’s find out.
Here’s what should NOT happen during the authentication process
Looking back at the early days, enterprise password security was weak.
Authentication worked much as it did when playing games in your childhood. You had to tell a “secret code” to a gatekeeper, and if it matched the one he “stored” in his mind, you could pass through the door.
In the same way, enterprise passwords used to be stored in plaintext in a database. Each time you typed in your login credentials, they were compared against the combination stored in the database. However, there was one thing seriously wrong with this authentication method – if a hacker breached the database, he could immediately expose all the logins stored in it.
Authentication in the current enterprise password security
Nowadays, password managers that provide advanced enterprise password security (such as PassCamp) run complex authentication processes.
The role of a Master Password
A Master password, a unique password that you create when registering to the application, plays the most important role in enterprise password security. It is a primary tool that is used to authenticate you.
Your unique Master password never leaves your device in plaintext form. It locks and unlocks the public and private keys on your device (e.g. your phone).
Two things are therefore essential here. First, never reuse this password on any other website. Second, never lose it, because by design your password manager cannot recover it for you.
How does the authentication process work?
When you register to a new website, app, or system, you provide an identifier (e.g. a username or an email address) and create a Master password (preferably a strong one).
In the meantime, the application takes some additional steps to process your data:
- The RSA asymmetric algorithm encrypts the keys of the AES symmetric cipher. The AES cipher is then used to encrypt your sensitive data (passwords), which means turning your data into unreadable strings of symbols. RSA protects your data when you send it over the internet.
- The server uses the Secure Remote Password protocol (a zero-knowledge proof) to confirm that you know your password without revealing or sending it. The server only ever stores the “verifier” – information derived from the password, but not the password itself. (Read more about this concept here.)
- All of this additional generated information about you (identifier, public and private keys, verifier, and salt) is sent to the server and processed. If all the proofs are valid, you are successfully verified.
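The registration and login steps above, worked through as an added example (not PassCamp's code): the client derives the verifier from salt and Master password at registration, and at login both sides run an SRP-6a exchange in which the password and the private exponent x never leave the client. The group parameters N and g are a constructed demo group chosen to keep the example short; real deployments use the RFC 5054 groups.

```python
import hashlib
import secrets

# Constructed demo group (NOT an RFC 5054 SRP group): the prime 2^255 - 19 keeps
# the example short; the arithmetic is identical with a real 2048-bit safe prime.
N = 2**255 - 19
g = 2

def H(*parts: int) -> int:
    """Hash fixed-width big-endian integers to an integer (all values here are < 2^256)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big")

def private_key(salt: int, identifier: str, password: str) -> int:
    """x = H(salt, H(I ':' password)); computed on the client only, never sent."""
    inner = int.from_bytes(hashlib.sha256(f"{identifier}:{password}".encode()).digest(), "big")
    return H(salt, inner)

def register(identifier: str, password: str) -> dict:
    """Client side of registration: returns the record the server stores (no password, no x)."""
    salt = secrets.randbelow(2**128)
    verifier = pow(g, private_key(salt, identifier, password), N)
    return {"I": identifier, "salt": salt, "verifier": verifier}

def srp_login(record: dict, identifier: str, password: str) -> tuple:
    """One SRP-6a exchange; returns (client_accepts_server, server_accepts_client)."""
    k = H(N, g)                                   # SRP-6a multiplier
    a = secrets.randbelow(N)                      # client ephemeral secret
    A = pow(g, a, N)                              # client -> server: I, A
    b = secrets.randbelow(N)                      # server ephemeral secret
    B = (k * record["verifier"] + pow(g, b, N)) % N   # server -> client: salt, B
    if A % N == 0 or B % N == 0:                  # SRP safety check: abort on degenerate values
        return False, False
    u = H(A, B)                                   # scrambling parameter, known to both sides
    # Client: recomputes x from salt + password and derives the session secret.
    x = private_key(record["salt"], identifier, password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    M1 = H(A, B, H(S_client))                     # client -> server: proof of the password
    # Server: derives the same secret from the stored verifier alone.
    S_server = pow(A * pow(record["verifier"], u, N) % N, b, N)
    server_ok = M1 == H(A, B, H(S_server))        # wrong password -> mismatch, login refused
    M2 = H(A, M1, H(S_server))                    # server -> client: proof it holds the verifier
    client_ok = M2 == H(A, M1, H(S_client))
    return client_ok, server_ok
```

With the correct Master password both proofs match; with a wrong one the server never sees the password, only a proof that fails to verify.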
Authentication – the base of your online security
So, each time you log in to your account, this complex process always runs in the background. It ensures that only you can access your data. This makes authentication an essential part of any cyber safety-focused tool.
Therefore, when you’re about to choose a new tool for your enterprise password security, always check how the authentication is implemented. This aspect is non-negotiable – it is the core of your company’s security.
If you want to read more about the technical side of authentication, check out the PassCamp white paper.