Authentication vs Authorization

Wathsara Wishwantha Daluwatta
3 min read · Nov 19, 2019

Today I’m going to discuss two terms that people often confuse: authentication and authorization. They feel like the same thing, but they are different.

Authentication

Authentication is the process of verifying the identity of a user by obtaining some sort of credentials, such as a username and password, and using those credentials to verify the user’s identity. If the credentials are valid, the authorization process starts. The authentication process always proceeds to the authorization process. Authentication is usually done with a username and password, but the authentication factors can vary with the required security level. For example:

  • Single-Factor Authentication — It’s the simplest authentication method, which commonly relies on a simple username and password to grant a user access to a particular system.
  • Two-Factor Authentication — Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user’s credentials and the resources the user can access.
  • Multi-Factor Authentication — It is a security system that verifies a user’s identity by requiring multiple credentials. Rather than just asking for a username and password (we call this “what you know”), MFA requires some additional credential, normally from something you have or something you are.

Authorization

Authorization is the process of allowing an authenticated user to access resources by checking whether the user has access rights to the system. Authorization helps you control access rights by granting or denying specific permissions to an authenticated user.

Systems and processes may also need to authorize their automated actions within a network. Online backup services, patching and updating systems, and remote monitoring systems, such as those used in smart grid technologies, all need to authenticate securely before it can be verified that the authorized system, and not a hacker, is involved in any interaction.

Real-world example

When you go through security in an airport, you show your ID to authenticate your identity. Then, when you arrive at the gate, you present your boarding pass to the flight attendant, so they can authorize you to board your flight and allow access to the plane.

Source from [http://www.differencebetween.net/technology/difference-between-authentication-and-authorization/]

Authentication and authorization are security measures taken to protect the data in an information system. Authentication is the process of verifying the identity of the person approaching the system. Authorization, on the other hand, is the process of checking the privileges or access list for which the person is authorized.

I am looking forward to seeing you again soon with my next article. Have a good day!

Reference — http://www.differencebetween.net/technology/difference-between-authentication-and-authorization/

Wathsara Wishwantha Daluwatta

Software Engineer at WSO2 | Studied BSc (Hons) Software Engineering at University of Colombo School of Computing