Authentication is the process of verifying the identity of a user. A common form of authentication is username-password authentication, in which users sign in to a website using their username and password. All forms of authentication are based on one or more of these factors:
'Something you know' refers to information users can keep to themselves, such as their passwords, social security numbers (SSN), or personal identification numbers (PIN).

'Something you have' refers to physical items that users possess, such as photo IDs.

'Something you are' refers to unique human characteristics, such as fingerprints or retinal patterns.
Multi-factor authentication (MFA) refers to forms of authentication that rely on two or more of these types of information to verify the identity of users.
Authentication is the process of verifying that a user is who they say they are to determine whether they can enter a system. For example, you host a party for only a few friends and give them a password. When they come to your party, you ask for the password to verify that it's your friend and not a party crasher. Authentication would be the process of verifying that your friend is who they say they are.
Authorization is the process of verifying what a user can access once they've entered the system. For example, once your friend enters your party, you can decide what rooms your friends can go in and what food they can eat. Your friends aren't allowed to enter your parents' bedroom, but they can enter the living room. In this example, authorization refers to what your friends can do in your house.
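The party example as runnable code, added here as an illustration and not taken from the original page: `authenticate` requires two different factors (a password as 'something you know' and a time-based one-time code as 'something you have'), and `authorize` separately decides which rooms an authenticated guest may enter. The user record, the roles, the room policy, and the choice of a TOTP code as the possession factor are all assumptions made for the example.

```python
import hashlib, hmac, struct, time

def hash_password(password, salt):
    # Store a slow, salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def totp(secret, at, step=30, digits=6):
    # RFC 6238 time-based code (HMAC-SHA1 with RFC 4226 truncation).
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)

# Constructed sample data: one guest and a per-role room policy (hypothetical).
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse", SALT),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
        "role": "friend",
    }
}
POLICY = {
    "friend": {"living room", "kitchen"},
    "host": {"living room", "kitchen", "parents' bedroom"},
}

def authenticate(user, password, code, now=None):
    """Authentication: return the user's role only if BOTH factors verify."""
    now = time.time() if now is None else now
    record = USERS.get(user)
    if record is None:
        return None
    # Factor 1, something you know: constant-time compare of password hashes.
    knows = hmac.compare_digest(hash_password(password, SALT), record["pw_hash"])
    # Factor 2, something you have: code from the device holding the secret.
    expected = totp(record["totp_secret"], now).encode()
    has = hmac.compare_digest(expected, code.encode())
    return record["role"] if (knows and has) else None

def authorize(role, room):
    """Authorization: may this already-authenticated role enter the room?"""
    return role is not None and room in POLICY.get(role, set())
```

A correct password with a wrong code, or the reverse, fails authentication; a successful login still does not grant access to every room.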
Authorization refers to the policies that dictate what users can access when they use a system or application. Authorization is used as a ...