1. The user makes a claim of identity, usually by providing a username. For example, I might make this claim by telling a database that my username is “mchapple”.
2. The system challenges the user to prove his or her identity. The most common challenge is a request for a password.
3. The user responds to the challenge by providing the requested proof. In this example, I would provide the database with my password
4. The system verifies that the user has provided acceptable proof by, for example, checking the password against a local password database or using a centralized authentication server