What is the actual differences between authentication and authorization?

8/13/2019 2:51:12 AM

Prince Raj

16 Answers

New Answer


Authorisation is like the use of a password when logging in. Authentication is more like being able to prove that you are whom you claim to be, e.g. by possessing a private key. At least that's my understanding of it.


Information security is essential for almost all automated systems. Authentication and authorization are two mechanisms used in these systems to secure information. Authentication is used to identify a particular user in order to let him access a system. After authenticating the user to the system, authorization provides the necessary limits and accesses the user has. These policies are defined in a firewall or an Access Control List on a file server. Authorization applies only to authenticated users.


authentication is just checking the login credentials. Authorization differentiates the role of the user( ex. USER or ADMIN)


First a user is authenticated, then authorized... They define progressive security layers... Authentication may be secure like SSL or RSA...🤔


Autentication : - Who are you? Autorization: - what you can do?


From the discussion of all peers in short we can say, Authorization is a only a permission of grant access or some limit given within any organization (may be super admin) to particular user or employee, whereas authentication is the system procedure within the organization of verification of that given authority.... Authorization :- permission of grant access Authorization :- verification of that grant permission Thank you very much all of you have cleared my doubt 👏🙌🙏🏼


Authentication is about "Who you are", authorization is "given you're who you say to be, what you're allowed to do"


Authorization comes to play when you are given some privileges or can perform some sets of functions based on your access status. For instance, if you log in as a regular person, you can be granted access to some features other than that of a VIP or premium person. Or you could be given access to a particular feature of a system by permission WHILE Authentication is a form of validation or "screening" based on rendered or inputted data in order to confirm or meet with laid down requirements in a system. It could serve as an access way. For instance, if a user is meant to input just his first name in an input field, if he/she does so, he/she will be granted access but will be denied access if otherwise. That process, hence is known as Authentication


Identification occurs when a subject claims an identity (such as with a username) and authentication occurs when a subject proves their identity (such as with a password). Once the subject has a proven identity, authorisation techniques can grant or block access to objects based on their proven identities.


Let me tell a story. I was at train station waiting for my train. At the time, I was standing near a food stall, when an old man approached me and asked me to buy him a food. How I responded him, can you guess? Let me you about me, I never help who doesn't need help, but give everything I have, if it essential for needy ones. Let us come back to story, first I authenticated him that he has no money just by seeing his eyes and how he approached... yes, everyone authenticates the claim of having no money to take next step whether to help someone or not... This is authentication, that he has no money, but still we don't know he is needy one or not, whether we going to help him or not, which is next step... According to me, beggars are hopeless people and lazy people, but the old man who approached me isn't a beggar, so I authorized him as not a beggar, so final step is whether I going to help him or not, which will be based whether he is really a food needy one or not... yeah he is really a food needy one, he never asked me any money further after I bought him a food... Here I completely authorized him to have my help in getting his food... So authentication is used to verify whether credentials is true or not, if true then authorized to access certain features like I authenticated the old man for not having money, then only I authorized him to have my help based on some morals... If your morals aren't concrete and wise, then you'll be get fooled by imposters... LOL.


Authorisation spells out the extent to which a user is allowed to access a resource. Authentication on the other hand spells out the credentials given to a particular user so as to access a resource/system




To Authenticate is to Verify a persons Account, email and Identification To Authorize is to give the person who has been Verified the ability to use the web site with their own password.


After reading these comments I even forget what I already knew ☹️🤯🤒🧠💨:-P


Authentication is like: Are you the one, you say you are? Authorization is like: This is what you're allowed to see and do.


Authorisation is the use of password when logging in. Authentication is to prove who you are claiming to be