Lesson 3: Authentication & Authorization

Lesson 3 of 5
10 min

What is the difference?

Understanding the key difference between authentication and authorization is critical in cybersecurity:

  • Authentication confirms that users are who they say they are.
  • Authorization gives those users permission to access a resource.

Factors of Authentication:

  • Something the user knows: credentials, security question, PIN
  • Something the user has: card, phone, Google Authenticator
  • Something the user is: Biometrics (Fingerprint, Retina, Voice), Signature

Authorization & Authentication

Takeaway:

Authentication is "Who are you?" Authorization is "What are you allowed to do?"

Why Does it Matter?

Establishing strong authentication and authorization systems creates a strong base for controlling access to sensitive data and information. Think of it as a double-layered defense system. Through authentication, we verify the legitimacy of users, and if they aren't who they claim to be, we can deny them access. Once a user is authenticated, authorization defines what that user CAN and CANNOT access. This duo supports the very foundation of cybersecurity, allowing the right people to get the access they need. So, in simple terms, the combined effort of authentication and authorization acts as a shield against those who are malicious.
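The two layers described above, as an added example that is not part of the original lesson: a request is first authenticated with a "something the user knows" factor, then authorized against a role's permissions. The user store, role names, permission strings and the use of HTTP-style 401/403 results are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not reusable as passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: the user, password and roles are invented.
_SALT = os.urandom(16)
USERS = {
    "alice": {"salt": _SALT, "pw_hash": _hash("correct horse", _SALT),
              "role": "analyst"},
}
ROLE_PERMISSIONS = {
    "analyst": {"reports:read"},
    "admin": {"reports:read", "users:manage"},
}

def authenticate(username: str, password: str):
    """Who are you? Return the user record, or None if not proven."""
    user = USERS.get(username)
    if user is None:
        _hash(password, _SALT)  # do the same work for unknown usernames
        return None
    candidate = _hash(password, user["salt"])
    # Constant-time comparison of the two hashes.
    if hmac.compare_digest(candidate, user["pw_hash"]):
        return user
    return None

def authorize(user: dict, permission: str) -> bool:
    """What are you allowed to do? Unknown roles get no permissions."""
    return permission in ROLE_PERMISSIONS.get(user["role"], set())

def handle_request(username: str, password: str, permission: str) -> int:
    user = authenticate(username, password)
    if user is None:
        return 401  # identity not proven: authentication failed
    if not authorize(user, permission):
        return 403  # identity proven, action not permitted
    return 200

if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "reports:read"))  # 200
    print(handle_request("alice", "correct horse", "users:manage"))  # 403
    print(handle_request("alice", "wrong guess", "reports:read"))    # 401
```

The 401 and 403 results come from different layers: a valid login never implies permission, and the permission check is never reached without a proven identity.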
