Ajax allows us to build Web 2.0 applications with ease. However, it also raises a number of questions. One very pertinent question concerns user authentication. User authentication simply means checking the authenticity of the user. How should we ensure that authentication mechanisms are not bypassed when we use Ajax – in other words, when the client and server communicate asynchronously rather than through a standard user ID and password based login flow?
Identity management is one of the most interesting security problems to solve. How do we establish and then confirm the identity of a user or an application / system? Moreover, how do we inform anyone interested that the identity is established and that it can be safely trusted?
The question of how best to perform user authentication is a puzzle that is quite tough to solve. While newer techniques keep emerging, the bread-and-butter user authentication technology of passwords will not go away any time soon. Using passwords to authenticate users raises several concerns: how long passwords should be, which combinations of letters, digits and special symbols they should contain, how long they should remain valid (i.e. how frequently they should expire), and so on.


