What Is Authentication?

Authentication is the act of validating that users are whom they claim to be. This is
the first step in any security process.

Giving someone permission to download a particular file on a server or providing

individual users with administrative access to an application are good examples of
authentication.

Complete an authentication process through:

 Passwords. Usernames and passwords are the most common authentication

factors. If a user enters the correct data, the system assumes the identity is
valid and grants access.
 One-time pins. Grant access for only one session or transaction.
 Authentication apps. Generate security codes via an outside party that
grants access.
 Biometrics. A user presents a fingerprint or eye scan to gain access to the
system.

What Is Authorization?

Authorization in a system security is the process of giving the user permission to

access a specific resource or function. This term is often used interchangeably with
access control or client privilege.

In secure environments, authorization must always follow authentication. Users

should first prove that their identities are genuine before an organization’s
administrators grant them access to the requested resources.
 Authentication and Authorization are often used together. For example, students
at Boston University are required to authenticate before accessing the Student
Link. The authentication they provide determines what data they are authorized
to see. The authorization step prevents students from seeing data of other
students.

Authentication Authorization
Grants or denies
What does it do? Verifies credentials permissions
Through settings
Through passwords, biometrics,maintained by security
How does it work? one-time pins, or apps teams
Is it visible to theYes No
user?
It is changeable by
the user? Partially No
How does data
move? Through ID tokens Through access tokens