21

The noun "authentication" has a corresponding verb "to authenticate".

"To disauthenticate" and "to unauthenticate" do not seem to exist (I might be wrong).

So what is the most appropriate word for describing the opposite action of an authentication? Specifically, I'm searching for a name for the act of reversing/canceling an authentication.

Think of it as comparable to the "Login/Logout", "Sign In/Sign Out", etc. but I want one with "Authenticate / ?"

Drax
  • 321
  • please google for antonym authenticate – mplungjan Jan 08 '14 at 10:31
  • @mplungjan that's what i did the half-hour before posting this :) – Drax Jan 08 '14 at 10:34
  • 1
    @Drax Could it be de-authenticate? – WS2 Jan 08 '14 at 10:37
  • 2
    If you already googled, please let us know. – mplungjan Jan 08 '14 at 10:48
  • Please add as answer, WS2 so I can upvote – mplungjan Jan 08 '14 at 10:50
  • 4
    What do you mean by an "opposite" here? To erroneously authenticate? To reverse an authentication? To have no authentication requirements at all? – J.R. Jan 08 '14 at 11:21
  • @J.R. To reverse an authentication. – Drax Jan 08 '14 at 11:28
  • 3
    @Drax: In most contexts, the best single word to mean "reverse an authentication" would be *invalidate. If you insist on sticking with the same base word, disauthenticate* would always be understood, but it's not a very "nice" word (i.e. - although other people sometimes use it "faut de mieux", mostly they don't). – FumbleFingers Jan 08 '14 at 12:19
  • 1
    The question is now clear. The answer is likely de-authenticate as it is used in the wild – mplungjan Jan 08 '14 at 15:18
  • So which one of de-authenticate or disauthenticate is better ? – Drax Jan 08 '14 at 15:28
  • 2
    de-authenticate - google has 8mio compared to 18K of disauthenticate and even asks "did you mean de-authenticate" – mplungjan Jan 08 '14 at 15:35
  • 3
    I dabble in computer security some, and I think the confusion comes from using 'authenticate' to mean 'authenticate and authorize'. This meaning was common on systems where authentication directly implied authority. But in reality, authentication (establishing authentic identity) is only the first step in authorization (establishing what data and/or actions are available to a user). In short, authentication isn't something that expires. You either were authenticated or you were not. The authority derived from that authentication is what can expire. – Gus Jan 08 '14 at 18:25
  • 1
    @Gus Authentication can expire or be rescinded. When it is, the authority goes too. I could authenticate a painting which is subsequently found to be inauthentic; I could authenticate a user based on a token which appears genuine but is subsequently found not to be. – Andrew Leach Jan 08 '14 at 18:42
  • 2
    You could certainly revoke an authentication. – Doc Jan 08 '14 at 18:44
  • 1
    @AndrewLeach well, you can decide not to continue allowing access to a user based on an authentication attempt. But, the fact remains that when the user presented their credentials, and the system accepted them, the authentication occurred. Many systems even now have difficulty with that time between when a set of credentials are marked invalid, and the user that presented them is 'still logged in'. That's because an authentication happens at a point in time, and is either successful or not; but authorization can (should?) be an ongoing decision. – Gus Jan 08 '14 at 20:26
  • I'm leaning Gus's way. An authentication happens in an instant - or it doesn't. It is not a status that can be rolled back. Authorization establishes a status and deauthorization rolls it back. If an authentication was a mistake, you can't undo that, and the people that handle breaches aren't the people that handle authentication. – Phil Sweet May 19 '16 at 22:23
  • 1
    @Doc Can you give an example, because I can't get by head around that. If I authenticate and walk through the door, how can that be revoked? You can do many things, but you can't not-through-the-door me. – Phil Sweet May 19 '16 at 23:12
  • @PhilSweet Say you have an ID card which you have to swipe to go through a series of doors at your work. That morning, you get to the front door, swipe your card, and go in. Then, to enter the restricted area of the building where you work, you have to swipe again. Later that day, you leave the restricted area to use the bathroom. During this time, you also get fired. Your ID card (your authentication token) is disabled, your authentication revoked. When you swipe the door for the restricted area, it doesn't open, and security guards see you swiped, run over, grab you, and throw you out – Doc May 24 '16 at 18:43
  • @PhilSweet In software, you could do something similar. Log in and get authenticated, then later get banned (while logged in). When you refresh the page or click a link or whatever, the software recognizes that your token has been revoked, and doesn't allow you to load the page, instead removing you from the 'secure' area and sending you to an error or log-in page where you would have to reauthenticate. – Doc May 24 '16 at 18:45
  • 1
    @doc The authentication hasn't been revoked if he still possess the token. Authorization has been revoked. The token continued to identify the proper individual and he authenticated just fine. When you take the token from the person, now he can no longer authenticate, but nothing about his previous authentications has changed. As Gus mentioned, confusion over identification and authorization causes headaches everywhere. – Phil Sweet May 24 '16 at 22:13

8 Answers8

21

Authentication is seen as "entering the state of being authenticated." An opposite of authentication would essentially mean "entering the state of being unauthenticated". It is more common to refer to the specific process used and the specific context would determine the most appropriate variant. A few examples:

Your session is about to expire.

This certificate is no longer valid — it is has been invalidated.

You have been logged out.

This painting is no longer for sale because the authentication has been retracted; its authenticity is suspect and if it is a forgery it will be exposed.

Your credentials have been compromised. Please authenticate.

If you truly need to refer to a specific opposite than the two most logical words would be:

  • unauthenticate
  • deauthenticate

You can read more about the un- versus de- differences here on EL&U. It is worth noting that "deauthenticate" seems to be more common while "unauthenticated" is already a word and sets a precedence for using "un-".

In the end, if you will be using the word for any official documentation or publicly facing content you should check with your employer and manager for any official style guides. There is no one correct answer, here, and consistency is very important.

One last note is that the term "reauthenticate" has a similar problem but can be avoided by simply using the word "authenticate." Certain dictionaries do include an entry for "reauthenticate", however. I was not able to find a dictionary that included either "unauthenticate" or "deauthenticate."

Community
  • 1
MrHen
  • 35,747
  • 32
  • 124
  • 264
  • This is definitely the complete answer i was waiting for, thanks :) – Drax Jan 09 '14 at 09:10
  • 3
    Note though that "unauthenticated" is an adjective, and it usually just means "not authenticated" or "not yet authenticated", not "reversed from being authenticated". The adjectival negative prefix un- has a different distribution from the verbal reversative prefix un-: the existence of a word like "undetermined" doesn't imply that a verb "to undetermine" exists. – herisson Jan 10 '17 at 17:55
4

Try repudiate (repudiation), meaning "to reject the validity or authority of; to refuse to recognize; to cast off or disown (a son, lover, etc)"

The third definition there hints at the meaning of refusing to acknowledge the continuing existence of something (a relationship, for example) that existed at some other time.

Synonyms include rescind, countermand and invalidate.

You could say something like "Your credentials are hereby repudiated."

Repudiation is a data security term, described here:

Repudiation: A repudiation threat involves carrying out a transaction in such a way that there is no proof after the fact of the principals involved in the transaction. In a Web application, this can mean impersonating an innocent user's credentials. You can help guard against repudiation by using stringent authentication. In addition, use the logging features of Windows to keep an audit trail of any activity on the server.

I would take the repudiation of credentials to mean that any future transactions would be considered unauthenticated and repudiable.

Canis Lupus
  • 22,017
2

I know of no common usage antonyms. However, I think there is a need for more fine grained language around security, so I've been making up until I find something that does the trick. I use:

Misauthenticate: to accidentally be authenticated as somebody else--like accidentally swiping your spouse's credit card. Or to do so with permission, like using your boss's password in order to carry out her instructions.

Disauthenticate: to purposefully be authenticated as somebody else without their permission--like using stolen passwords to impersonate someone.

Deauthenticate: to change a relationship such that the other party no longer knows who you are--like logging out and then logging back in as a guest.

MatrixManAtYrService
  • 121
1

It doesn't really have one.

As an adjective I might use "unauthenticated". e.g. "You are unauthenticated". But it doesn't exist as a verb.

cf.: http://thesaurus.com/browse/authenticate

MartinSGill
  • 341
  • 3
  • 9
  • 2
    Unauthenticated would usually mean "not yet authenticated", rather than "no longer authenticated". But the question is not clear as to which is required. – Andrew Leach Jan 08 '14 at 10:38
  • Agree; a good clarification. – MartinSGill Jan 08 '14 at 10:43
  • Andrew's observation is dead-on, but I see that as more of a problem with the O.P.'s question than with your answer. The O.P. hasn't even described what kind of "antonym" he is looking for. The antonym for "light" can be "dark" – or it can be "heavy", depending on what you are trying to say. – J.R. Jan 08 '14 at 11:19
  • @J.R. the word "antonym" was my (erroneous) correction/interpretation. He needs the *OPPOSITE* of authentication, i.e. the word for removal of a previously given authentication – mplungjan Jan 08 '14 at 12:26
  • 1
    I am not sure I can imagine how that works... revoking authorization, yes. But authentication is an identification. In order to make sure you remove authentication from a previously authenticated entity, you would have to make sure that you are dealing with the correct entity - meaning you need to authenticate. If authentication fails on that instance, you cannot remove earlier authentication. If authentication succeeds, however, you have just established that the earlier authentication should be regarded as valid. – oerkelens Jan 08 '14 at 13:54
  • @mplungjan - Whether it's an opposite or an antonym, I think it was unclear either way. I'm glad the O.P. took some time to clarify. – J.R. Jan 08 '14 at 14:52
  • If I am authenticated as Michel to a system and I would like to log on as another user, I need to de-authenticate my session so it will treat me as another user. – mplungjan Jan 08 '14 at 15:18
1

Allow me to expand things a bit. We needed a word for this because some drawings in our collection that were attributed to Frederic Remington turned out to be fakes after an inspection by the Buffalo Bill Museum, and we wanted to correct the catalog record. We felt really iffy about "de-authenticated" and so I googled that, and came here. After reading this page and the comments, we came up with this:

"This item was formerly attributed to Frederic Remington until 2014, when its authenticity was invalidated by the Buffalo Bill Museum in Cody, Wyoming."

I actually think I like "disauthenticated" the best, but I'm really weird. Thanks for your time!

Hapax Legomenon
  • 11
0

I guess there is no exact antonym for the word authentication, but the following words can be considered as antonym (since authentication is ~ to approving, allowing, validating etc.)

denying
disproving
rejecting
contradicting
invalidating
opposing
Bala Varadarajan
  • 136
0

I frequently work on software projects which require authenticating users. It is not uncommon to hear someone say "deauthenticate" (frequently also written as "de-authenticate") when referring to revoking someone's authentication. It's even more common to hear simply "de-auth", and at least in context the meaning would be quite clear.

Staying in the tech world, the official IEEE 802.11 (for the non-techies, that's your WiFi) specification uses the word as the name for a specific type of datagram frame.

EDIT: I'd agree with the comments about "unauthenticated" referring to someone who has not yet been authenticated, as opposed to having had their authentication revoked. At best, it would be ambiguous.

A C
  • 637
-2

The answer Should either be invalidate,uncomfirm or unauthenticate according to the motion on the floor.

Moses Alowonle
  • 1
  • A good expert answer includes explanation, context, and supporting facts. This is what makes the answer useful – not only to the asker, but to future visitors to the page. Please consider expanding your answer.

    If you are unsure what the asker is looking for, a better way is to request clarification in a comment on the question.

     – MetaEd Jun 20 '18 at 15:43