Identification and Authentication: Similarities and Differences

As the world moves increasingly online, users are constantly being identified, authenticated, and authorised. These terms are often used interchangeably; however, they are not the same and work differently to achieve specific tasks. 

Identification is the act of identifying a particular user, often through a username. Authentication is the proof of this user’s identity, which is commonly managed by entering a password. 

Only after a user has been properly identified and authenticated can they then be authorised access to systems or privileges. The authorisation aspect assigns rights and privileges to specific resources. Identification and authentication have specific purposes and are necessary components of data security. 

Defining identification & authentication

Identification is the first step in most online transactions and requires a user to “identify” themselves, usually by providing a name, email address, phone number, or username. This is the process of someone saying that they are a certain person. 

In an online environment, however, it can be difficult to verify that a person is giving a real identity and that they are who they say they are. 

Identities can be verified through providing more information, often a form of government-issued ID. The verification process generally only happens the first time you create an account or access a site. After this, your identity will be authenticated, often by the creation of a password to go along with your username.

When initially signing up, accessing, or onboarding with a system, service, or company —after your identity has been verified — a form of authentication is set up. This will be required each additional time the service or application is accessed. 

Digital authentication requires one of the following:

  • Something a person knows: a password or security question
  • Something a person has: a token, smartcard, ID card, or cryptographic key
  • Something a person is: biometric data, such as a fingerprint or facial scan

The authentication process is a way for a user to prove that they are still the person they claimed to be during the identification phase. The safest authentication methods involve multi-factor authentication (MFA), which requires the use of more than one form of authentication.

Explaining authorisation

Authorisation is granting a user access to services or the system — allowing rights and privileges based on the identification and authentication already provided. 

In 2020, there were nearly