In other words, authorization determines what a user is and is not permitted to do. In authorization process, it is established if the user (who is already authenticated) is allowed to have access to a resource. Frequently used types of authentication technology are username/password, one-time password and biometric authentication. One of them is password verification most of the time. Two factor authentication, on the other hand, is still a widely used security process that involves two methods of verification. Authentication technologies are mainly used with two types of authorization processes: Two factor authentication Multi-factor authentication In the past, multi-factor authentication was vastly popular but due to its difficulties in use, password authentication prevailed. In addition, the ‘user’ may not be an actual person but an application trying to use a web services API. ‘Maybe’ is treated as a no for security concerns. Thus the output of the authentication process is either a yes or no. Or an account has to be created during the process.Ī user is either who they claim to be or someone else. In order to conduct the process of authentication, it is essential that the user has an account in the system so that the authentication mechanism can interrogate that account. Most of the time this verification process includes a username and a password but other methods such as PIN number, fingerprint scan, smart card and such are adapted as well. In authentication process, identities of the users are verified. It might be because these three are usually perceived as one single process by the end user, yet it is critically important to understand the distinction while designing the security framework. Authentication, authorization and access control are three paramount cyber security concepts that are often confused and used interchangeably.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |