“For every lock, there is someone out there trying to pick it or break in” Davis Bernstein

We have been witnessing a spike in online user platforms in the last decade. This accelerated during the COVID-19 years. Many things for which we used to step out, we now order or consume online, be it food, movie tickets, banking transactions, OTT, groceries, books, etc.

Did you know that delivering products and services online through the web or apps is a massive task for service providers? One of the things they need to verify is whether you are their actual consumer. Here comes the question of your password strength. Verizon’s 2021 Data Breach Investigations Report mentions that 81% of all breaches involve weak or stolen passwords.

Authentication and authorization are two information security processes that IT administrators use to protect systems and information. And while it is easy to confuse one with the other, we will try and distinguish between authentication and authorization.  

๐—ช๐—ต๐—ฎ๐˜ ๐—ถ๐˜€ ๐—”๐˜‚๐˜๐—ต๐—ฒ๐—ป๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป

Authentication is a process that ensures and confirms a user’s identity via a set of credentials. It increases the security of consumers’ data.

With data breaches on the rise and in the headlines, consumers are becoming more aware of, and involved in, the security of their own information. Most businesses, of course, already understand the importance of cybersecurity and deploy some sort of authentication for their systems. An authentication profile is a collection of information that the system uses to conduct a logon session. When you set up an authentication profile, you are usually given a choice of the type of authentication you want, for example an OTP or a prompt on your mobile. A secure remote password is thereby generated, and the authentication service authenticates users and issues session credentials.

๐—ช๐—ต๐—ฎ๐˜ ๐—ถ๐˜€ ๐—”๐˜‚๐˜๐—ต๐—ผ๐—ฟ๐—ถ๐˜‡๐—ฎ๐˜๐—ถ๐—ผ๐—ป

What happens after a user is successfully authenticated? The user now has authorization to perform particular actions, limited by the user’s access. This authorization is provided by the same system that first authenticated the user.

For example, an employee logging on to a company portal is verified and confirmed via ID and password (credentials) authentication. Once authenticated, the employee receives system-provided authorization to access and use those system resources. The authorization lasts as long as the user stays authenticated by the system. Once the user logs off, his or her authorization expires. Upon getting authenticated by the system again (re-login), the authorization is re-granted.
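
The employee-portal flow above can be sketched in a few lines of Python. This is an added example, not code from any particular product; the user "asha", her password, the role names and the permission names are all constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample data: a role-to-permission map (hypothetical names).
ROLE_PERMISSIONS = {"employee": {"view_payslip", "submit_leave"},
                    "hr_admin": {"view_payslip", "submit_leave", "edit_salary"}}

def _hash(password, salt):
    # Salted, deliberately slow hash: the portal never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_salt = secrets.token_bytes(16)
USERS = {"asha": {"salt": _salt, "role": "employee",   # constructed sample user
                  "pw_hash": _hash("correct horse battery", _salt)}}
SESSIONS = {}  # session token -> user id; an entry exists only while logged in

def login(user_id, password):
    """Authentication: confirm who the user is, then issue a session credential."""
    user = USERS.get(user_id)
    salt = user["salt"] if user else b"\x00" * 16      # hash even for unknown users
    candidate = _hash(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["pw_hash"]):
        return None                                    # same answer for both failures
    token = secrets.token_urlsafe(32)                  # unguessable session token
    SESSIONS[token] = user_id
    return token

def is_authorized(token, action):
    """Authorization: decide what an authenticated session is allowed to do."""
    user_id = SESSIONS.get(token)
    if user_id is None:                                # never logged in, or logged off
        return False
    return action in ROLE_PERMISSIONS[USERS[user_id]["role"]]

def logout(token):
    """Logging off ends the session, so every later authorization check fails."""
    SESSIONS.pop(token, None)

if __name__ == "__main__":
    t = login("asha", "correct horse battery")
    print("payslip:", is_authorized(t, "view_payslip"))
    print("edit salary:", is_authorized(t, "edit_salary"))
    logout(t)
    print("after logoff:", is_authorized(t, "view_payslip"))
```

Note that a valid login alone never grants `edit_salary` to an employee, and that the old token stops working after logoff; a fresh login issues a new one.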