Let’s discuss two topics that seem to mean the same thing but actually define different things.

Authentication

Authentication means validating the identity of a user, typically through a username-and-password mechanism or some other mechanism. Here the system checks whether the person is presenting the credentials allotted to them.

It is the process of ascertaining that somebody really is who they claim to be.

This can be achieved by the following:

  • Single-Factor Authentication
    • Here only a username and password are required to access the network or website.
    [Figure: Single Factor Authentication]
  • Two-Factor Authentication
    • Here, along with the username and password, one more piece of information is required, such as an OTP (One Time Password). This makes the account more secure and harder for hackers to get access to the account or personal information.
    [Figure: Two Factor Authentication – requiring an OTP after username and password]
  • Multi-Factor Authentication
    • It includes two or more levels of security and is the advanced authentication system. Apart from the single-factor check, it also includes a piece of information that only the user has, such as a code generated by software running on the user’s own device.
    • These can include the user’s biometric information or a complex key stored on a flash drive that the user owns.
    • These are generally used in banking and the financial sector.
    [Figure: Multi-Factor Authentication – requiring the user to input an OTP generated by an app]

Authorization

This step comes once authentication is complete. Now we need to identify which physical or virtual resources the user is allowed to access; that is done with the help of authorization.

Real world example

Let’s say XYZ is a software company with many employees, and only employees may enter the office premises. In this case, authentication of a person is done at the gate, and only employees are allowed onto the company premises. Coming to the next level, the company has multiple resources inside, and these resources are categorized into A, B, C, and D. Deciding which employee may use which category is done with the help of authorization.

Example of a website

Here there are three types of users: 1. Admin, 2. Employee, 3. Public users. The Admin can view the details of all employees. An Employee can view only their own details. And lastly, Public users can’t log in to the website at all.

In this case, both Admin and Employee can log in to the website, but Admin has more capability than Employee. This can be achieved with the help of any one of the resource-access definitions described below.

  • Use of a cookie that defines the type of user; the user type is checked whenever a resource is accessed.
  • Use of a table mapped to the user ID; the fields of that table are checked on each request.
  • Use of resource access keys embedded inside the user’s token.
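Below is an added example, not code from the original post, that implements the website scenario above (Admin sees everyone, Employee sees only themselves, Public is denied) in two of the ways just listed: a server-side table keyed by user ID, and access claims embedded in a token. The token variant also shows the check a practitioner wants when user type travels in a cookie or token: the value is signed with a server key and the signature is verified before the claim is trusted, so a client cannot simply edit "employee" to "admin". The `Role` enum, the user IDs, the signing key and the function names are all constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
from enum import Enum


class Role(Enum):
    ADMIN = "admin"
    EMPLOYEE = "employee"
    PUBLIC = "public"


# --- Option: a table mapped to the user ID (constructed sample data) ---
USER_ROLES = {"u-100": Role.ADMIN, "u-200": Role.EMPLOYEE, "u-300": Role.EMPLOYEE}
EMPLOYEE_DETAILS = {
    "u-100": {"name": "Alice (admin)", "salary": 0},
    "u-200": {"name": "Bob", "salary": 1},
    "u-300": {"name": "Carol", "salary": 2},
}


def role_allows(role: Role, requester_id: str, target_id: str) -> bool:
    """The single authorization rule for 'view employee details'."""
    if role is Role.ADMIN:
        return True
    if role is Role.EMPLOYEE:
        return requester_id == target_id  # employees see only their own record
    return False  # public users are never authorized


def can_view_employee(requester_id: str, target_id: str) -> bool:
    """Table-based check: the role is looked up server-side on every request."""
    role = USER_ROLES.get(requester_id, Role.PUBLIC)
    return role_allows(role, requester_id, target_id)


def get_employee_details(requester_id: str, target_id: str) -> dict:
    if not can_view_employee(requester_id, target_id):
        raise PermissionError(f"{requester_id} may not view {target_id}")
    return EMPLOYEE_DETAILS[target_id]


# --- Option: access keys embedded in a signed token ---
SIGNING_KEY = b"constructed-server-side-secret"  # placeholder; a real deployment uses a managed secret


def issue_token(user_id: str) -> str:
    """Issued after authentication: claims are base64url JSON, signed with HMAC-SHA256."""
    claims = {"sub": user_id, "role": USER_ROLES.get(user_id, Role.PUBLIC).value}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def parse_token(token: str):
    """Return the claims only if the signature verifies; otherwise None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not body or not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def can_view_employee_from_token(token: str, target_id: str) -> bool:
    """Token-based check: trust the role claim only after the signature is verified."""
    claims = parse_token(token)
    if claims is None:
        return False
    try:
        role = Role(claims["role"])
    except (KeyError, ValueError):
        return False
    return role_allows(role, claims.get("sub", ""), target_id)


def tamper_role(token: str, new_role: str) -> str:
    """Demonstration helper: rewrite the role claim but keep the old signature,
    which is what an unsigned cookie would silently permit."""
    body, _, sig = token.rpartition(".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["role"] = new_role
    forged = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return f"{forged}.{sig}"


if __name__ == "__main__":
    print("admin views bob:", can_view_employee("u-100", "u-200"))
    print("bob views carol:", can_view_employee("u-200", "u-300"))
    bob_token = issue_token("u-200")
    print("bob's token views bob:", can_view_employee_from_token(bob_token, "u-200"))
    print("forged admin token views carol:", can_view_employee_from_token(tamper_role(bob_token, "admin"), "u-300"))
```

Both checks route through the same `role_allows` rule, so the policy lives in one place regardless of where the role came from; the difference is only whether the role is fetched from the server's table on each request or carried by the client in a form the server can verify.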
