It is a popular conjecture that the design of authentication is an error-prone and hence difficult task. Once again, I will try to explain how this situation may have come about.
As a general observation, one may note that in many areas of science, progress in the understanding of fundamental concepts has gone hand in hand with the development of a language for discussing these concepts. The difficulty of giving good definitions for authentication bears witness to this problem. In a specific observation on authentication, I will illustrate that the term authentication is used in a number of different security paradigms, a fact that can only add further confusion.
Not surprisingly, I will argue that more precision in the discourse about authentication is required. In this respect, designers and attackers have been equally culpable so far.