# Access controls and authentication systems

Protecting data is a fundamental feature of security controls. When it comes to keeping information safe and secure, hashing and encryption are powerful, yet limited tools. Managing who or what has access to information is also key to safeguarding information.

The next series of controls that we'll be exploring are access controls, the security controls that manage access, authorization, and accountability of information. When done well, access controls maintain data confidentiality, integrity, and availability. They also get users the information they need quickly.

These systems are commonly broken down into three separate, yet related functions known as the authentication, authorization, and accounting framework. Each control has its own protocol and systems that make them work. In this video, let's get comfortable with the basics of the first one on the list, authentication.

Authentication systems are access controls that serve a very basic purpose. They ask anything attempting to access information this simple question: who are you? Organizations go about collecting answers to these questions differently, depending on the objectives of their security policy. Some are more thorough than others, but in general, responses to this question can be based on three factors of authentication.

The first is knowledge. Authentication by knowledge refers to something the user knows, like a password or the answer to a security question they provided previously.

Another factor is ownership, referring to something the user possesses. A commonly used type of authentication by ownership is a one-time passcode, or OTP. You've probably experienced these at one time or another. They're a random number sequence that an application or website will send you via text or email and ask you to provide.

Last is characteristic. Authentication by this factor is something the user is. Biometrics, like fingerprint scans on your smartphone, are an example of this type of authentication. While not used everywhere, this form of authentication is becoming more common because it's much tougher for criminals to impersonate someone if they have to mimic a fingerprint or facial scan as opposed to a password.

The information provided during authentication needs to match the information on file for these access controls to work. When the credentials don't match, authentication fails and access is denied. When they match, access is granted.

Incorrectly denying access can be frustrating to anyone. To make access systems more convenient, many organizations these days rely on single sign-on. Single sign-on, or SSO, is a technology that combines several different logins into one. Can you imagine having to reintroduce yourself every time you meet up with a friend? That's exactly the sort of problem SSO solves.

Instead of requiring users to authenticate over and over again, SSO establishes their identity once, allowing them to gain access to company resources faster. While SSO systems are helpful when it comes to speeding up the authentication process, they present a significant vulnerability when used alone.

Denying access to authorized users can be frustrating, but you know what's even worse? Incorrectly granting access to the wrong user. SSO technology is great, but not if it relies on just a single factor of authentication. Adding more authentication factors strengthens these systems.

Multi-factor authentication, or MFA, is a security measure that requires a user to verify their identity in two or more ways to access a system or network. MFA combines two or more independent credentials, like knowledge and ownership, to prove that someone is who they claim to be.

SSO and MFA are often used in conjunction with one another to layer the defense capabilities of authentication systems. When both are used, organizations can ensure convenient access that is also secure. Now that we covered authentication, we're ready to explore the second part of the framework. Next, we'll learn about authorization!

The three factors of authentication are: characteristic, ownership, and knowledge. A characteristic is used to verify a user's identity using *something the user is*, such as their fingerprint or other biometrics.

The three factors of authentication are: characteristic, ownership, and knowledge. Knowledge is used to verify a user's identity using *something the user knows*, like a password.

The three factors of authentication are: characteristic, ownership, and knowledge. Ownership is used to verify a user's identity using *something the user possesses*, like a one-time passcode.
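As an added example (not part of the course material), the Python sketch below implements the match-or-deny check described above using a password (knowledge) and a one-time passcode (ownership). Its policy counts factors rather than credentials, so a password plus a security question does not pass as MFA. All names, the five-minute passcode lifetime and the three-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window for a passcode
MAX_OTP_ATTEMPTS = 3   # assumed guess limit per passcode

# Which factor each credential type belongs to (the page's three factors).
FACTOR_OF = {
    "password": "knowledge",
    "security_question": "knowledge",
    "otp": "ownership",
    "fingerprint": "characteristic",
}


def hash_password(password, salt):
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password):
    """Create the 'information on file' for a user (constructed sample record)."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt)}


class OtpChallenge:
    """A six-digit passcode delivered out of band, valid once and briefly."""

    def __init__(self, now=None):
        issued = time.time() if now is None else now
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = issued + OTP_TTL_SECONDS
        self.attempts = 0
        self.used = False

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts >= MAX_OTP_ATTEMPTS:
            return False
        self.attempts += 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(self.code.encode(), submitted.encode()):
            self.used = True
            return True
        return False


def is_multi_factor(verified_credentials):
    """True only when the verified credentials span two or more factors."""
    return len({FACTOR_OF[c] for c in verified_credentials}) >= 2


def authenticate(record, password, challenge, submitted_otp, now=None):
    """Grant access only if knowledge and ownership both check out."""
    verified = set()
    candidate = hash_password(password, record["salt"])
    if hmac.compare_digest(record["pw_hash"], candidate):
        verified.add("password")
    if challenge.verify(submitted_otp, now):
        verified.add("otp")
    return is_multi_factor(verified)
```

The optional `now` argument exists so that expiry can be exercised with fixed timestamps instead of the wall clock.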