| Authentication | What it means |
|---|---|
| Password-based | Knowledge-based auth |
| Token-based (JWT, Bearer) | Proof via issued token |
| Session-based | Server remembers you |
| OAuth (1.0 / 2.0) | Delegated authorization (login via third party) |
| OpenID Connect | Authentication on top of OAuth |
| SSO | One login → many systems |
| Federation / Enterprise | Cross-org identity trust |
| MFA (HOTP, TOTP, etc.) | More than one factor |
| Passwordless | No password at all |
| API auth | Non-human auth (services, systems) |