RatSec Blog

Authorisation vs Authentication: Explained

- Posted in Business logic by


Authentication is the process of verifying the identity of a user, system, or device. In cybersecurity, authentication is the first step of access control: it establishes who is making a request before any decision is made about what that party may access or do. There are several methods of authentication, including:

  1. Something you know: This is the most common form of authentication and involves a username and password. Users must provide a unique combination of username and password that only they know. This method is vulnerable if passwords are weak or have been compromised.

  2. Something you have: Authentication based on something you have involves using a physical token or device that only the user has access to, such as a smart card, a USB key, or a mobile phone.

  3. Something you are: Biometric authentication methods, such as facial recognition or fingerprint scanning, verify a user's identity based on unique physical characteristics.


Authorization is the process of determining what actions a user can perform after they have been authenticated. It's the act of granting or denying access to specific resources based on the authenticated user's identity and permissions. Authorization is a critical component of access control, which is used to limit what a user can see or do within a system.

Authorization is typically based on a user's role or group membership, which determines the level of access they have to resources or information. For example, a network administrator may have access to all parts of the network, while an ordinary user may only have access to their own files and folders.
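The following is an added example, not code from the RatSec post, that puts the two definitions side by side in working Python. Authentication ("something you know") checks a submitted password against a salted PBKDF2 hash; authorization then decides, for the already-verified principal, whether the requested action on a file is permitted, using the role-plus-ownership rule described above (administrators may act on everything, ordinary users only on their own files). The user store, file table, and all usernames and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 100_000


@dataclass
class User:
    salt: bytes
    password_hash: bytes
    role: str  # "admin" or "user" (constructed roles for this example)


# Constructed in-memory user store; a real system keeps this in a database.
# Passwords are never stored, only a per-user salt and the PBKDF2 hash.
USERS: dict = {}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str, role: str) -> None:
    salt = os.urandom(16)
    USERS[username] = User(salt, _hash_password(password, salt), role)


# Dummy credential used when the username is unknown, so a failed login costs
# the same time whether or not the account exists (no username enumeration
# through response timing).
_dummy_salt = os.urandom(16)
_DUMMY = User(_dummy_salt, _hash_password("dummy-password", _dummy_salt), "user")


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify WHO is asking. Returns the principal name or None."""
    user = USERS.get(username, _DUMMY)
    candidate = _hash_password(password, user.salt)
    # Constant-time comparison; the membership check keeps the dummy from ever succeeding.
    if hmac.compare_digest(candidate, user.password_hash) and username in USERS:
        return username
    return None


# Constructed resource table: file name -> owning user.
FILES = {"alice.txt": "alice", "bob.txt": "bob"}


def authorize(principal: str, action: str, resource: str) -> bool:
    """Authorization: decide WHAT an already-authenticated principal may do."""
    if resource not in FILES:
        return False
    role = USERS[principal].role
    if role == "admin":
        return True  # administrators may act on every file
    if action in ("read", "write") and FILES[resource] == principal:
        return True  # ordinary users may only touch their own files
    return False


def access_file(username: str, password: str, action: str, resource: str) -> str:
    """Full request path: authenticate first, then authorize the verified principal."""
    principal = authenticate(username, password)
    if principal is None:
        return "authentication failed"
    if not authorize(principal, action, resource):
        return "forbidden"  # identity verified, but this action is not permitted
    return "ok"


register("alice", "correct horse battery staple", "user")
register("bob", "a-different-long-passphrase", "user")
register("root", "admin-only-passphrase", "admin")

if __name__ == "__main__":
    print(access_file("alice", "correct horse battery staple", "read", "alice.txt"))
    print(access_file("alice", "correct horse battery staple", "read", "bob.txt"))
    print(access_file("alice", "wrong password", "read", "alice.txt"))
```

The second call is the case that matters most in practice: alice is fully authenticated, yet the request is refused because authorization is a separate decision. Applications that skip that second check after a successful login are exactly where broken access control shows up.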

In short, authentication is the process of verifying a user's identity, while authorization is the process of granting or denying access based on the authenticated user's identity and permissions. Both of these processes are critical for maintaining the security and integrity of a system or application.