Authentication is the process of establishing a user’s identity. In other words, it is who they are.
Authentication is sometimes abbreviated to AuthN.
While it is related, it is not the same thing as authorization.
Authentication is based on one or more of the following factors:
- Something you know (a password, PIN, security image, etc)
- Something you have (a TOTP token generator like Authy, a Yubikey, etc)
- Something you are (fingerprint or retina scans, etc)
Username and password logins are single-factor authentication. Multi-Factor Authentication (MFA) adds a second factor of a different type. Two separate checks of the same factor do not count as MFA — for example, a password and security image are still both things you know and are therefore still single-factor.