January 15, 2025

Authentication and Authorization

by AmritMattiJanuary 3, 2025

Too many engineers assume that Authentication and Authorization are the same.

Nah. They’re fundamentally different concepts.

Authentication is:

Who are you?
Validating identity (e.g., username & password, biometrics).
Think logging in to Gmail or proving your identity to a system.

Authorization is:

What are you allowed to do?
Granting permissions based on roles, policies, or attributes.
Think accessing a specific file in Google Drive or performing admin tasks.

The key difference?

Authentication establishes identity. Authorization defines access.

Example:

You log in to your company VPN using 2FA (Authentication).
You can view project files, but not access payroll systems (Authorization).

Assuming they’re the same leads to security loopholes. Secure systems need both working in harmony.

Be open-minded about the nuances of security – that’s how learning sticks.

P.S. Stop saying “Auth” when you mean Authentication or Authorization. Be specific. 😉

AmritMatti

I’m the owner of “DevOpsTechy.online” and been in the industry for almost 5 years. What I’ve noticed particularly about the industry is that it reacts slowly to the rapidly changing world of technology. I’ve done my best to introduce new technology into the community with the hopes that more technology can be utilized to serve our customers. I’m going to educate and at times demonstrate that technology can help businesses innovate and thrive. Throwing in a little bit of fun and entertainment couldn’t hurt right?

View all posts by AmritMatti →

Leave a Reply Cancel reply