Unit 3 Authentication and Authorization

Uploaded by

sworks0007
Authentication and Authorization

1. Definitions
● Authentication:
Authentication is the process of verifying the identity of a user, device, or system trying
to access a resource. It answers the question: "Who are you?"
For example, when you enter your username and password on a website, the system
authenticates that you are the legitimate user.

● Authorization:
Authorization is the process of determining what an authenticated user is allowed to do
or access. It answers the question: "What are you allowed to do?"
For example, once you log into a system, authorization controls whether you can view
certain files, modify settings, or access specific features.

2. Differences Between Authentication and Authorization

| Aspect | Authentication | Authorization |
|---|---|---|
| Definition | Authentication is the process of verifying the identity of a user. | Authorization is the process of determining what an authenticated user is allowed to do. |
| Purpose | To confirm user identity. | To grant or deny permissions. |
| Process | Usually done through passwords, biometrics, OTPs, etc. | Usually handled through access control policies. |
| Timing | Occurs before authorization. | Occurs after authentication. |
| Example | Entering username and password to log into a system. | Accessing admin settings after logging in. |
| Focus | Who are you? | What are you allowed to do? |
| Data Used | Credentials like username, password, etc. | User roles, permissions, access levels. |

3. Importance of Authentication in Digital Security


● Foundation of Security: Authentication is the first and most decisive step in digital
security. Without verifying identities, unauthorized users could gain access, leading to
data breaches, fraud, and other cyberattacks.

● Prevents Unauthorized Access: Ensures that only valid users can enter systems or
applications.

● Enables Accountability: Proper authentication tracks user actions, helping in auditing
and monitoring.

● Protects Sensitive Data: Ensures that personal, financial, or confidential information is
accessed only by authorized persons.

● Supports Compliance: Many regulations (e.g., GDPR (General Data Protection
Regulation), HIPAA (Health Insurance Portability and Accountability Act)) require strong
authentication mechanisms. Implementing proper authentication controls helps
organizations comply with these regulations and avoid penalties.

● Reduces Social Engineering Risks: Authentication helps mitigate the risk of social
engineering attacks, where malicious actors try to trick users into revealing their
credentials.

4. Authentication Methods
A. Password-Based Authentication

● How it works: The user provides a secret password associated with their username.

● Advantages:

○ Simple to implement and use.

○ Low cost.

● Disadvantages:

○ Vulnerable to guessing, phishing, and brute-force attacks.

○ Users often choose weak or reused passwords.

○ Passwords can be leaked.

B. Multi-Factor Authentication (MFA)

● How it works: Requires two or more types of authentication factors:

○ Something you know (password, PIN)

○ Something you have (smartphone, hardware token)

○ Something you are (biometrics)

● Advantages:

○ Significantly enhances security by adding layers.

○ Reduces risk even if one factor is compromised.

● Disadvantages:

○ Slightly more complex for users.

○ Can require additional hardware or software.

○ Potential inconvenience or slower login process.

C. Token-Based Authentication (e.g., OTP, TOTP)

● How it works: The user receives a temporary token (One-Time Password) via SMS, email,
or an authenticator app. Time-based OTPs (TOTP) expire after a short duration.

● Advantages:

○ Tokens are dynamic and expire quickly, reducing replay attacks.

○ Easy to integrate with MFA.

● Disadvantages:

○ Requires reliable delivery methods.

○ SMS-based OTPs can be intercepted or delayed.

○ Dependency on external devices or networks.

D. Biometric Authentication

● Types: Fingerprints, facial recognition, voice recognition.

● How it works: Uses unique biological traits of a person for verification.

● Advantages:

○ Difficult to forge or replicate.

○ Convenient and fast (no need to remember passwords).

○ Provides high assurance of identity.

● Disadvantages:

○ Privacy concerns—biometric data is sensitive.

○ Potential for false positives/negatives.

○ Expensive to implement.

○ Biometric data, if stolen or leaked, cannot be changed like passwords.

Advantages and Disadvantages of Authentication Methods


| Method | Advantages | Disadvantages |
|---|---|---|
| Password-Based | Simple, inexpensive | Vulnerable to attacks, poor user habits |
| Multi-Factor Authentication (MFA) | High security, reduces risks | More complex, possible inconvenience |
| Token-Based (OTP, TOTP) | Dynamic, reduces replay attacks | Dependency on network/devices, delivery issues |
| Biometric Authentication | Hard to forge, convenient | Privacy issues, cost, potential errors |
