An authentication system, including at least one processor configured to: perform authentication based on a first authentication method; record, when the authentication by the first authentication method is successful, an authenticated user and a location of the authenticated user in association with each other in a storage; perform authentication based on a second authentication method; and restrict successful authentication by the second authentication method when a user to be authenticated by the second authentication method and a location of the user to be authenticated are not associated with each other in the storage.