What is authentication and what does it do?
Authentication, in a general sense, is a way for an entity to verify
who you are when you use a service. For example, when you travel, you
often use photo identification to verify your identity. Similarly, when
you access an automated teller machine (ATM), your bank card
information and personal identification number (PIN) verify that you
can access your account.
Windows uses authentication to prove that the people using a computer system are who they claim to be. Usually users
do this by providing a user name and a password to the system for
verification. If either of these is incorrect or does not exist, the
user is denied access to the system.
How does Windows authenticate users accessing the system?
Windows can authenticate a user account in several ways to prove the identity of the person at the keyboard; these include:
Windows asks you to click a picture or perform another action to
sign in, such as pressing Ctrl+Alt+Delete. You then type a user name
and password or select another means of authentication to prove your
identity to Windows. After you provide these credentials, Windows
checks your credentials either locally or against an Active Directory
domain controller to ensure that the credentials exist and are valid.
If both of these are verified, your user account is allowed access to
the computer, and a desktop is created and displayed. Figure 1 shows the initial sign-in screen, prompting the user to press Ctrl+Alt+Delete.
If the credentials provided are incorrect or do not exist, Windows
displays a message explaining that the provided items are invalid. You
are given an opportunity to enter your credentials again. Depending on
the configuration of security policies, the account can be locked
out after a specified number of failed attempts; this can prevent or deter
malicious use or unwanted access to resources, but Windows does not
require this configuration for authentication. Figure 2 displays an invalid sign-in attempt.
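
The lockout behavior described above, modeled as an added Python example (not code from the original page or from Windows). It assumes the three account lockout policy settings (threshold, counter-reset window, lockout duration), simplifies how Windows counts failed attempts, and replays constructed sign-in attempts; all names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    threshold: int       # failed attempts before lockout; 0 = lockout not configured
    window: timedelta    # failed-attempt counter resets after this much quiet time
    duration: timedelta  # how long the account stays locked

def evaluate(policy, attempts):
    """Replay (time, user, password_ok) tuples and return one outcome per attempt."""
    failures, locked_until, results = {}, {}, []
    for when, user, ok in attempts:
        if user in locked_until and when < locked_until[user]:
            results.append("locked_out")  # refused even if the password is right
            continue
        locked_until.pop(user, None)
        if ok:
            failures.pop(user, None)      # a good sign-in clears the counter
            results.append("success")
            continue
        count, last = failures.get(user, (0, when))
        if when - last > policy.window:
            count = 0                     # old failures no longer count
        count += 1
        failures[user] = (count, when)
        if policy.threshold and count >= policy.threshold:
            locked_until[user] = when + policy.duration
            failures.pop(user, None)
            results.append("failed_now_locked")
        else:
            results.append("failed")
    return results

# Constructed sample data: minutes after T0, account name, password correct?
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [(T0 + timedelta(minutes=m), u, ok) for m, u, ok in [
    (0, "alice", False), (1, "alice", False), (2, "alice", False),
    (3, "alice", True),    # correct password, but the account is locked
    (40, "alice", True),   # lockout duration has passed
    (41, "bob", False), (42, "bob", False),
    (90, "bob", False),    # counter was reset by the quiet period
    (91, "bob", True)]]
HALF_HOUR = timedelta(minutes=30)
POLICY = LockoutPolicy(3, HALF_HOUR, HALF_HOUR)
NO_LOCKOUT = LockoutPolicy(0, HALF_HOUR, HALF_HOUR)

if __name__ == "__main__":
    for policy in (POLICY, NO_LOCKOUT):
        print(policy.threshold, evaluate(policy, SAMPLE))
```

With the threshold set to 0 the same attempts never lock the account, which matches the statement that authentication works without this policy configured.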