Authentication is a key element of security, by which a receiver confirms the sender identity of a message. Typical approaches include either key-based authentication at the application layer or physical layer authentication (PLA), where a message is considered authentic if it appears to have gone through the legitimate channel. In both cases a source of randomness is needed, whereas for PLA the random nature of the communication channel is exploited. In this paper we compare the various approaches using in all cases the channel as a source of randomness. We consider a multiple-input multiple-output (MIMO) system with a finite number of antennas. Simple auto-regressive (AR) models for its evolution as well as the relation of the legitimate and attacker channel are considered. In this setting the attacker can either predict the key used for key-based authentication or forge the channel estimated at the legitimate receiver for PLA. The analysis includes both symmetric and asymmetric key-based authentication. We compare the schemes in terms of false alarm and missed detection probability and we outline best attack strategies.