Good cybersecurity relies on many factors to provide confidence and assurance that your data is safe and being used as expected. Authentication is one of these factors. It provides the mechanism for you to trust that someone is actually who they claim to be. To be effective, authentication needs to be robust and not cumbersome to use.

When you've authenticated a user, you need to decide what they're permitted to do. Authorization grants each user a specific level of access to data and assets. As a rule, users should be given just enough permissions to access the resources they need.

Suppose you're at the airport to catch a flight. Before you can get the boarding pass, you need to verify who you are. You present yourself and your passport and if they match, you've passed the authentication process and you're issued with the boarding pass. Now you've got a boarding pass, you can use it to board a plane. The boarding pass is the authorization, as it will only let you board the plane for the flight you've booked.

If authentication is the key that opens the door, authorization decides where you can go and what you can see inside.

After completing this module, you'll be able to:

  • Describe authentication.
  • Describe some of the common authentication-based attacks.
  • Describe authorization security techniques.