In Technical Terms
- Authentication proves identity.
- Authorization enforces permissions based on identity.
Authentication and Authorization are related but different concepts in security:
| Concept | Authentication | Authorization |
|---|
| Purpose | Verifies who you are | Determines what you can do |
| Question | “Are you really Alice?” | “Is Alice allowed to access this file?” |
| Happens First? | Yes | After authentication |
| Examples | Passwords, biometrics, OTP, login | Permissions, roles, access control |
- Identity → Who you are
- Authentication → Prove who you are
- Authorization → What you can access
