Let’s discuss two terms that seem to mean the same thing but actually define different things: authentication and authorization.
Authentication means validating the identity of a user, for example with a username-and-password mechanism or some other mechanism. Here the system checks whether the person is presenting the credentials allotted to them.
It is the process of ascertaining that somebody really is who they claim to be.
This can be achieved by the following:
- Single-Factor Authentication
- Here a username and password are all that is required to access the network or website.
- Two-Factor Authentication
- Here, along with the username and password, one more piece of information is required, such as an OTP (One Time Password). This makes the account more secure and harder for attackers to break into, because a stolen password alone is no longer enough.
- Multi-Factor Authentication
- It combines two or more independent factors (two-factor authentication is the simplest case). Apart from something the user knows (the password), it also includes something the user has, such as a code generated by authenticator software on the user’s own device.
- Other factors include the user’s biometric information (something the user is) or a cryptographic key stored on a hardware token or flash drive that the user owns.
- These are generally used in banking and the financial sector.
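The following is an added example, not code from the original post, showing the difference between the single-factor and two-factor checks described above in working code. The first factor is a password stored as a salted PBKDF2 hash; the second is an RFC 6238 TOTP code of the kind an authenticator app generates. The user store, the user name `alice`, her password and the `authenticate_*` function names are constructed for this illustration; the TOTP secret is the reference secret from the RFC 6238 test vectors so the output can be checked against the standard.

```python
import hashlib
import hmac
import os
import struct

# --- Factor 1: something the user knows (a password) ------------------------
# Passwords are stored as salted PBKDF2-HMAC-SHA256 hashes, never in clear text.

def make_password_record(password: str, iterations: int = 200_000) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    # compare_digest does not leak the position of the first mismatch via timing.
    return hmac.compare_digest(candidate, record["hash"])


# --- Factor 2: something the user has (a TOTP secret in an authenticator app) -
# RFC 6238 TOTP built on RFC 4226 HOTP: HMAC-SHA1 over the 30-second time step.

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)           # 8-byte big-endian counter
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                window: int = 1, step: int = 30, digits: int = 6) -> bool:
    # Accept the current step plus `window` steps either side to tolerate clock drift.
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


# --- Constructed user store (hypothetical; a real system keeps this in a database) --
USERS = {
    "alice": {
        "password": make_password_record("correct horse battery staple"),
        "totp_secret": b"12345678901234567890",   # RFC 6238 reference secret
    },
}
# Hashed against for unknown user names so both paths cost one PBKDF2 run.
_DUMMY_RECORD = make_password_record(os.urandom(16).hex())


def authenticate_single_factor(username: str, password: str) -> bool:
    user = USERS.get(username)
    record = user["password"] if user else _DUMMY_RECORD
    ok = verify_password(record, password)
    return user is not None and ok


def authenticate_two_factor(username: str, password: str, otp: str, now: int) -> bool:
    # The second factor is only consulted once the first one has passed.
    if not authenticate_single_factor(username, password):
        return False
    return verify_totp(USERS[username]["totp_secret"], otp, now)


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; real code uses int(time.time())
    pw = "correct horse battery staple"
    good_otp = totp(USERS["alice"]["totp_secret"], now)
    print("password only      :", authenticate_single_factor("alice", pw))
    print("password + good OTP:", authenticate_two_factor("alice", pw, good_otp, now))
    print("password + bad OTP :", authenticate_two_factor("alice", pw, "000000", now))
```

The point of the example is the shape of the check: a stolen password passes `authenticate_single_factor` but fails `authenticate_two_factor` unless the attacker also holds the device that knows `totp_secret`. The drift window keeps a slightly slow phone working; a real deployment would additionally refuse to accept the same code twice within a step.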
Authorization is the step that comes once authentication has completed. Now we need to decide which physical or virtual resources the authenticated user may access, and that is done with the help of authorization.
Real-world example
Let’s say XYZ is a software company with many employees, and only employees may enter the office premises. In this case, authentication of a person is done at the gate, and only employees are allowed into the company premises. Coming to the next level, this company has multiple resources inside it, categorized into A, B, C, and D. Deciding which employee may use which of these resources is done with the help of authorization.
Example of a website
Here there are three types of users: 1- Admin, 2- Employee, 3- Public users. The Admin can view the details of all employees. An Employee can view only their own details. Public users cannot log in to the website at all.
In this case, both Admin and Employee can log in to the website, but Admin has more capabilities than Employee. This can be achieved with either of the resource definitions described below.
- Use a table mapped to the user id. The fields of this table are checked on each request.
- Use resource access keys (permissions) embedded inside the token issued at login.
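The following is an added example, not code from the original post, implementing the website scenario above with both approaches: a role table keyed by user id that is consulted on every request, and a signed token that carries the user's permissions so no lookup is needed. The employee records, user ids, permission names (`employee:read:any`, `employee:read:self`), the token format and the server key are all constructed for this illustration; the token is a minimal HMAC-SHA256 signed payload rather than any specific standard.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed data (hypothetical; a real site reads this from its database).
EMPLOYEES = {
    1: {"name": "Alice", "salary": 120_000},
    2: {"name": "Bob", "salary": 95_000},
}

# Approach 1: a role table mapped to the user id. Public users have no row,
# so they cannot log in at all.
USER_ROLES = {1: "admin", 2: "employee"}

# Role -> resource access keys. Admin may read any employee, Employee only itself.
ROLE_PERMISSIONS = {
    "admin": {"employee:read:any"},
    "employee": {"employee:read:self"},
}


def _allowed(perms: set, requester_id: int, target_id: int) -> bool:
    return ("employee:read:any" in perms
            or ("employee:read:self" in perms and requester_id == target_id))


def view_employee_by_role_table(requester_id: int, target_id: int) -> Tuple[str, Optional[dict]]:
    role = USER_ROLES.get(requester_id)
    if role is None:
        return ("unauthenticated", None)          # public user: not logged in
    if _allowed(ROLE_PERMISSIONS[role], requester_id, target_id):
        return ("ok", EMPLOYEES.get(target_id))
    return ("forbidden", None)                    # logged in, but not entitled


# Approach 2: access keys embedded in a token issued at login and signed by the
# server, so each request can be authorized from the token alone.
SERVER_KEY = b"constructed-demo-key-replace-in-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: int) -> Optional[str]:
    role = USER_ROLES.get(user_id)
    if role is None:
        return None                               # public users never get a token
    claims = {"sub": user_id, "perms": sorted(ROLE_PERMISSIONS[role])}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def parse_token(token: str) -> Optional[dict]:
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None                               # forged or tampered token
    return json.loads(_unb64(body))


def view_employee_by_token(token: str, target_id: int) -> Tuple[str, Optional[dict]]:
    claims = parse_token(token)
    if claims is None:
        return ("unauthenticated", None)
    if _allowed(set(claims["perms"]), claims["sub"], target_id):
        return ("ok", EMPLOYEES.get(target_id))
    return ("forbidden", None)


def forge_admin_token(token: str) -> str:
    # What an Employee might try: rewrite the permissions but keep the old signature.
    body, sig = token.split(".")
    claims = json.loads(_unb64(body))
    claims["perms"] = ["employee:read:any"]
    return f"{_b64(json.dumps(claims, separators=(',', ':')).encode())}.{sig}"


if __name__ == "__main__":
    print("admin reads Bob   :", view_employee_by_role_table(1, 2))
    print("Bob reads Alice   :", view_employee_by_role_table(2, 1))
    print("public reads Alice:", view_employee_by_role_table(3, 1))
    bob = issue_token(2)
    print("Bob's token, self :", view_employee_by_token(bob, 2))
    print("forged admin token:", view_employee_by_token(forge_admin_token(bob), 1))
```

Both approaches give the same answers for the three user types; the difference is where the decision data lives. The table lookup reflects a role change the moment the row is updated, at the cost of a query per request. The token carries a snapshot of the permissions, so it must be signed (otherwise `forge_admin_token` would succeed) and should expire, since a demoted Employee keeps the old access keys until the token does.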