What are the main differences between Authentication and Authorization? Please explain this in a simple way.
Asked
Active
Viewed 64 times
0
-
2Authentication is "who are you", authorization is "what are you allowed to do". – David May 10 '22 at 14:42
-
Does this answer your question? [Authentication versus Authorization](https://stackoverflow.com/questions/6556522/authentication-versus-authorization) – jps May 10 '22 at 14:59
1 Answers
0
Authentication vs. Authorization
So, what is the difference between authentication and authorization? Simply put, authentication is the process of verifying who someone is, whereas authorization is the process of verifying what specific applications, files, and data a user has access to.
What Is Authentication?
Authentication is the act of validating that users are whom they claim to be. This is the first step in any security process.
Authentication process with;
- Passwords. Usernames and passwords are the most common authentication factors. If a user enters the correct data, the system assumes the identity is valid and grants access.
- One-time pins. Grant access for only one session or transaction.
- Authentication apps. Generate security codes via an outside party that grants access.
- Biometrics. A user presents a fingerprint or eye scan to gain access to the system.
What Is Authorization?
Authorization in system security is the process of giving the user permission to access a specific resource or function. This term is often used interchangeably with access control or client privilege.
Giving someone permission to download a particular file on a server or providing individual users with administrative access to an application are good examples of authorization.
In secure environments, authorization must always follow authentication. Users should first prove that their identities are genuine before an organization’s administrators grant them access to the requested resources.
blaaool
- 51
- 1
- 5