# Authentication

When a user starts an **APP**, the first thing the **APP** needs to do is authenticate the user, especially if the **APP** wants to interact later with the Hive blockchain.

Usually, this is done by entering a username and password and matching it against similar data stored somewhere.

Hive Authentications Services enables applications to authenticate their users by simply providing a username and relieving the applications from storing additional credentials data.

The credentials are stored in the **PKSA** local storage and act as a Two-Factor Authentication (2FA) provider.

The users only need to trust one **PKSA**, where they safely store their private keys. They no more will be required to provide any key to any **HAS** enabled application. Likewise, they are guaranteed that their keys will never leave the **PKSA**.

After the user has provided the **APP** with their account name, the **APP** will perform the authentication process.