This is the first comprehensive guide to authentication: making sure your users are who they say they are. Leading security consultant Richard Smith reviews every option for authentication, from passwords to biometrics, and virtually every application scenario -- offering practical guidance on choosing the best option, implementing it, and managing it. Smith begins by introducing the authentication landscape, explaining how today's authentication options have evolved from yesterday's timesharing systems, and showing how to estimate the prevalence of successful attacks. He presents detailed coverage of passwords, password selection, and the human issues associated with password-based authentication. Other key topics include: authentication for laptops and workstations, encryption, cryptographic keys, PIN numbers, biometrics, tokens, Windows 2000's Kerberos implementation, public and private keys, SSL, certificates, and more. For all network and security professionals.