What's the difference between authentication and authorisation? Authentication confirms that users are who they say they are. Authorisation gives those users permission to access a resource.
While authentication and authorisation might sound similar, they are distinct security processes in the world of identity and access management (IAM).
What Is Authentication?
Authentication is the act of validating that users are whom they claim to be. This is the first step in any security process.
Complete an authentication process with:
- Passwords. Usernames and passwords are the most common authentication factors. If a user enters the correct data, the system assumes the identity is valid and grants access.
- One-time pins. Grant access for only one session or transaction.
- Authentication apps. Generate security codes via an outside party that grants access.
- Biometrics. A user presents a fingerprint or eye scan to gain access to the system.
In some instances, systems require the successful verification of more than one factor before granting access. This multi-factor authentication (MFA)