Skip to main content

Home Null authentication

Null authentication

(also anonymous authentication, zero authentication, AUTH_NULL)

Null authentication definition

Null authentication is a method for accessing a system without any form authentication information (such as a username, password, or authentication token). Null authentication is typically implemented to allow public or anonymous access to specific resources.

It is important to note that null authentication rarely gives visitors unlimited access to the system. For security reasons, visitors are often barred from functions that could be easily abused — for example, they may be prohibited from editing or deleting data.

See also: strong authentication, two-factor authentication, adaptive authentication, certificate-based authentication

Real null authentication use cases

  • Public Wi-Fi hotspots: Wi-Fi networks that offer free access to the internet in public places (such as cafes or airports) without any authentication requirements. Unfortunately, this also poses significant risks to those guests that do not use a VPN, as hackers can lurk on unsecured networks to intercept unencrypted data.
  • Public information: Governmental or NGO systems may use null authentication to give the public unrestricted access to certain documents (such as laws, commentaries, and guidelines). In this case, null authentication is adopted in the public interest, to give people the option to help themselves.
  • Anonymous browsing: In a similar vein, some web services may offer visitors the option to browse certain content anonymously.
  • File transfers: Some file transfer services (for example, peer-to-peer websites or groups) may allow anonymous users to upload or download files without the need for authentication.