Course 4 - Authentication & Authorization

What is the difference?

Understanding the key difference between authentication and authorization is critical in cybersecurity...

Authentication confirms that users are who they say they are.
Authorization gives those users permission to access a resource.

Factors of Authentication:

Something the user knows: credentials, security question, pin
Something the user has: Card, Phone, Google Authenticator
Something the user is: Biometrics (Fingerprint, Retina, Voice), Signature

Takeaway:

Authentication is "Who are you?"
Authorization is "What are you allowed to do?"

Why Does it Matter?

Establishing strong authentication and authorization systems creates a strong base for controlling access to sensitive data and information. Think of it as a double-layered defense system. Through authentication, we can verify the legitimacy of users, and if they aren’t who they claim to be… we can close their access. Once authenticated, authorization allows defining what each user CAN and CANNOT access. This duo supports the very foundation of cybersecurity, allowing the right people to get the needed access. So…in simple terms, the collaborative effort of authentication and authorizationacts as a shield to those that are malicious.

< Previous Next > Skip to Next Course

Go back?

Back to all Courses

Table of Contents

Course 4 - Introduction

Non-Technical Measures

Non-Technical Defenses

Authenticate/Authorize

Automation Tools

Automation with Python

Technical Defense Quiz

Need Help?

Chat Box