Authenticator needs some context.

Authenticator may refer to NIST.SP.800-63B or to the FIDO Authenticator.

To Ldapwiki this is all just very confusing as an Authenticator is nothing different than a claim (i.e. Credential) that is typically tied to a specific Authentication Method during the Credential Enrollment process by the Identity Proofing process.

Typically in Password-based Authentication, there are two Entities:

The Authentication Method determines how Validation of these two claims is performed and this process is Authentication


Authenticator is defined in NIST.SP.800-63B as something that the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s Digital Identity which is what most people call a Credential

In previous editions of NIST.SP.800-63 versions, this was referred to as a token.

More Information#

There might be more information for this subject on one of the following: