Image for post
Image for post
Image for post
Image for post

Authentication vs Authorization

Anum Siddiqui
Sep 30, 2018 · 4 min read

Today I’m going to discuss two topics that most people tend to confuse. Both the terms are often used in conjunction with each other when it comes to security and gaining access to the system. Both terms very key topics that are often associated with the web as key pieces of its service infrastructure. However, both these terms are quite different with completely different concepts. Now you’re wondering what these terms are, well they are known as authentication and authorization. Authentication means confirming your own identity, whereas authorization means being allowed access to the system. In even more simpler terms authentication is the process of verifying oneself, while authorization is the process of verifying what you have access to.

Image for post
Image for post

Authentication

Authentication is about validating your credentials such as Username/User ID and password to verify your identity. The system then checks whether you are what you say you are using your credentials. Whether in public or private networks, the system authenticates the user identity through login passwords. Usually authentication is done by a username and password, although there are other various ways to be authenticated.

Authentication factors determine the many different elements the system uses to verify one’s identity before granting the individual access to anything. An individual’s identity can be determined by what the person knows, and when it comes to security at least two or all the three authentication factors must be verified in order to grant someone permission to the system. Based on the security level, authentication factors can vary from one of the following:

  • Single- Factor Authentication: This is the simplest form of authentication method which requires a password to grant user access to a particular system such as a website or a network. The person can request access to the system using only one of the credentials to verify one’s identity. For example, only requiring a password against a username would be a way to verify a login credential using single- factor authentication.

Authorization

Authorization occurs after your identity is successfully authenticated by the system, which therefore gives you full access to resources such as information, files, databases, funds, etc. However authorization verifies your rights to grant you access to resources only after determining your ability to access the system and up to what extent. In other words, authorization is the process to determine whether the authenticated user has access to the particular resources. A good example of this is, once verifying and confirming employee ID and passwords through authentication, the next step would be determining which employee has access to which floor and that is done through authorization.

Access to a system is protected by authentication and authorization, and they are frequently used in conjunction with each other. Although both have different concepts behind then, they are critical to the web service infrastructure, especially when it comes to being granted access to a system. Understanding each term is very important and a key aspect of security.

DDI Recommended Resources

Image for post
Image for post

Data Driven Investor

from confusion to clarity not insanity

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store