Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

Various e-authentication methods can be used to authenticate a user's identify ranging from a password to higher levels of security that utilize multi-factor authentication (MFA). Depending on the level of security used, the user might need to prove his or her identity through the use of security tokens, challenge questions, or being in possession of a certificate from a third-party certificate authority that attests to their identity.

The American National Institute of Standards and Technology (NIST) has developed a generic electronic authentication model that provides a basic framework on how the authentication process is accomplished regardless of jurisdiction or geographic region. According to this model, the enrollment process begins with an individual applying to a Credential Service Provider (CSP). The CSP will need to prove the applicant's identity before proceeding with the transaction. Once the applicant's identity has been confirmed by the CSP, he or she receives the status of "subscriber", is given an authenticator, such as a token and a credential, which may be in the form of a username.

The CSP is responsible for managing the credential along with the subscriber's enrollment data for the life of the credential. The subscriber will be tasked with maintaining the authenticators. An example of this is when a user normally uses a specific computer to do their online banking. If he or she attempts to access their bank account from another computer, the authenticator will not be present. In order to gain access, the subscriber would need to verify their identity to the CSP, which might be in the form of answering a challenge question successfully before being given access.

The need for authentication has been prevalent throughout history. In ancient times, people would identify each other through eye contact and physical appearance. The Sumerians in ancient Mesopotamia attested to the authenticity of their writings by using seals embellished with identifying symbols. As time moved on, the most common way to provide authentication would be the handwritten signature.

There are three generally accepted factors that are used to establish a digital identity for electronic authentication, including:

Out of the three factors, the biometric factor is the most convenient and convincing to prove an individual's identity, but it is the most expensive to implement. Each factor has its weaknesses; hence, reliable and strong authentication depends on combining two or more factors. This is known as multi-factor authentication, of which two-factor authentication and two-step verification are subtypes.

Multi-factor authentication can still be vulnerable to attacks, including man-in-the-middle attacks and Trojan attacks.