Modern Authentication - What, How, Why
Modern authentication replaces passwords with secure, token-based and passwordless methods.
What is Modern Authentication?
Modern Authentication is an umbrella term for token-based and identity-separated authentication systems.
Modern Authentication vs Basic Authentication
Feature
Legacy / Basic Auth
Modern Authentication
Credential HandlingLegacy / Basic Auth
App receives and stores user password.
App receives and stores user password.Modern Authentication
App only receives a temporary token.
App only receives a temporary token.Credential HandlingApp receives and stores user password.App only receives a temporary token.
Primary ProtocolLegacy / Basic AuthPOP3, IMAP, SMTP, MAPI.
POP3, IMAP, SMTP, MAPI.Modern AuthenticationOAuth 2.0, SAML 2.0, OpenID Connect.
OAuth 2.0, SAML 2.0, OpenID Connect.Primary ProtocolPOP3, IMAP, SMTP, MAPI.OAuth 2.0, SAML 2.0, OpenID Connect.
MFA SupportLegacy / Basic AuthDifficult or impossible to enforce.
Difficult or impossible to enforce.Modern AuthenticationNatively integrated and mandatory.
Natively integrated and mandatory.MFA SupportDifficult or impossible to enforce.Natively integrated and mandatory.
Session ControlLegacy / Basic AuthStatic; usually requires a full logout.
Static; usually requires a full logout.Modern AuthenticationDynamic; tokens can be revoked instantly.
Dynamic; tokens can be revoked instantly.Session ControlStatic; usually requires a full logout.Dynamic; tokens can be revoked instantly.
User ExperienceLegacy / Basic AuthFrequent password prompts.
Frequent password prompts.Modern AuthenticationSingle Sign-On (SSO) capabilities.
Single Sign-On (SSO) capabilities.User ExperienceFrequent password prompts.Single Sign-On (SSO) capabilities.Modern Authentication - Key Protocols
Modern Authentication is built on these industry-standard languages
SAML 2.0: XML-based SSO protocol.
OAuth 2.0: Authorization framework.
OpenID Connect: Authentication layer over OAuth.
Types of Modern Authentication
Category
Basic
Types (Examples)
KnowledgeBasic
Something you know
Types (Examples)
Passwords, PINs, or Secret Questions.
KnowledgeSomething you know
Passwords, PINs, or Secret Questions.
PossessionBasic
Something you have
Types (Examples)
Hardware keys (YubiKey), Smartphone (Authenticator App), or SMS codes.
PossessionSomething you have
Hardware keys (YubiKey), Smartphone (Authenticator App), or SMS codes.
InherenceBasic
Something you are
Types (Examples)
Fingerprints, Facial recognition, or Iris scans.
InherenceSomething you are
Fingerprints, Facial recognition, or Iris scans.
