Athentication is the act of certifying authenticity. If something is authentic it’s real. In IT security it means that verifying that a user really is who they claim. Authentication in IT typically involves shared secrets (eg passwords, symetric encryption keys, secret questions, thumb/face scan, PIN etc.) where only one party knows the key. https://goo.gl/ecxCQv

The term secure has three important connotations in the context of IT. If an email is secure it is adequately private, adequately authenticated. The term adequate is used to illustrate how any security mechanism can be circumvented if sufficient effort is applied. The term privacy means that information is intelligible only to its rightful recipients. Although third parties may be able to read the message sent, they must not be able to make sense of it. Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Authenticated means that the recipient may reasonably be certain that a message was truly created by its purported author, and has not been forged by some other party. Implicit in this definition is the assumption that the true author has taken care to prevent misuse of its identity by unauthorized entities and that if forgery has taken place, it is without the collusion of the author. A message that has integrity is a protected message and the contents of that message cannot be/ has not been changed.

https://goo.gl/NVutc7

https://goo.gl/ecxCQv

For user interaction with systems, programs, and each other, authentication is critical. User ID and password input is the most prevalent method of authentication. It also seems to present the most problems. Passwords can be stolen or forgotten. Cracking passwords can be simple for hackers if the passwords aren't long enough or not complex enough.

https://goo.gl/YUNiUu

Computer and Internet security were found based on three principles, known as C-I-A:

1. Confidentiality: this means that the data is accessible by a certain people and not for all.

2. Integrity: this means that the data should remain identical to the last state the user was using it and saved it by.

3. Availability: this means that the data should be available for access to the authorized used in a reasonable time and in a proper form. https://goo.gl/dWnw8A

Under those three main principles come group of other sub-principles that carry a similar meaning:

1. Identification

2. Authentication

3. Authorization

4. Accountability https://goo.gl/dWnw8A

Three IT Security Goals Are Confidentiality, Integrity, and Availability. All IT security measures try to address at least one of three goals:

1. Protect the confidentiality of data

2. Preserve the integrity of data

3. Promote the availability of data for authorized use https://goo.gl/UHf9bs

In relation to security here are some articles that share some ideas about password security:

• 20 tips regarding passwords https://goo.gl/vgH6F9

• Password Do’s and Don’ts https://goo.gl/ghJ3Hw