So let’s talk about authentication & authorization. Authentication confirms that users are who they say they are. Authorization gives those users permission to access a resource.
These two terms might sound similar but they have different meanings & purposes.
Authentication
The act of validating that users are who they claim to be is called authentication. It provides access control for systems by checking whether a user’s credentials match the credentials in a database of authorized users or in a data authentication server. Data authentication is a separate term, so we will discuss it some other day. Authentication is the first step in any security process.

There are several types of authentication; the most common one is based on the user ID. Authentication occurs when the user provides credentials, such as a password, that match their user ID. User ID & password on their own are known as single-factor authentication, or SFA. A newer method, the One-Time Password (OTP), is used to strengthen the authentication process: it is provided to the user only on their registered mobile number or email ID, after they enter the ID & password. This is two-factor authentication, or 2FA.
Authorization
Authorization in system security is the process of giving the user permission to access a specific resource or function. The terms client privileges and access control can be used interchangeably for it. Giving someone permission to download a particular file on a server or providing individual users with administrative access to an application are good examples of authorization. In secure environments, authorization must always follow authentication. Users should first prove that their identities are genuine before an organization’s administrators grant them access to the requested resources.
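The flow described above, from password to OTP to permission check, as an added example that is not part of the original post. The user names, roles, actions and the use of PBKDF2 are assumptions made for illustration, and the OTP is returned by the function instead of being sent by SMS or email.

```python
import hashlib, hmac, os, secrets

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hashing the real system uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "role": role}

# Constructed sample data (hypothetical users, roles and actions).
USERS = {"alice": make_user("correct horse", "admin"),
         "bob": make_user("battery staple", "staff")}
PERMISSIONS = {"admin": {"download_file", "manage_app"}, "staff": {"download_file"}}
PENDING_OTP = {}   # user_id -> OTP awaiting confirmation
SESSIONS = {}      # session token -> authenticated user_id

def start_login(user_id: str, password: str):
    """Factor 1: user ID + password. Returns the OTP that would be sent by SMS/email."""
    user = USERS.get(user_id)
    salt = user["salt"] if user else b"\x00" * 16   # hash anyway for unknown users
    expected = user["pw_hash"] if user else b""
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return None
    PENDING_OTP[user_id] = f"{secrets.randbelow(10**6):06d}"
    return PENDING_OTP[user_id]

def finish_login(user_id: str, otp: str):
    """Factor 2: the OTP is popped, so the first attempt consumes it, right or wrong."""
    expected = PENDING_OTP.pop(user_id, None)
    if expected is None or not hmac.compare_digest(expected.encode(), otp.encode()):
        return None
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = user_id
    return token

def authorize(token: str, action: str) -> bool:
    """Authorization: only for an authenticated session, and deny by default."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        return False   # not authenticated, so nothing is authorized
    return action in PERMISSIONS.get(USERS[user_id]["role"], set())

if __name__ == "__main__":
    otp = start_login("bob", "battery staple")
    token = finish_login("bob", otp)
    print(authorize(token, "download_file"), authorize(token, "manage_app"))
```
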

Identity and Access Management (IAM) is the discipline that covers authorization rules in computer systems. Within IAM, authorization and authentication help system managers control who has access to system resources and set client privileges. The way that IT systems deal with authorization services is very similar to a real-world access control process.
Understanding the difference between authentication and authorization, and implementing IAM solutions that have strong support for both, will protect organizations against data breaches and enable the workforce to be more productive.
For more information
https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html