intigriti interview question

What is authentication and what is authorization

Interview Answer

Anonymous

28 Feb 2025

Authentication and authorization are two fundamental concepts in security, often used together but serving different purposes: Authentication: This is the process of verifying a user's identity. It ensures that the person or system trying to access a resource is who they claim to be. Common authentication methods include passwords, biometrics, OTPs, and multi-factor authentication (MFA). Authorization: This determines what an authenticated user is allowed to do. Once a user is authenticated, authorization defines their access levels and permissions for specific resources, such as viewing, editing, or deleting data. Authorization is typically enforced through role-based access control (RBAC) or permission policies.