Home what is What is the Difference Between Authentication vs Authorization?

What is the Difference Between Authentication vs Authorization?

Authentication vs Authorization

Authentication and Authorization are two terms that are often used interchangeably in the tech world. However, both these terms are quite different with completely different concepts and meanings.


Simple English Meaning: The process or action of verifying the identity of a user or process.

Authentication is the process of proving one’s identity before trying to gain access to a resource. We see Authentication everywhere in our day to day lives such as:

  1. Passports
  2. ID Cards
  3. Aadhaar Cards


In Tech World, we see Authentication in the following scenarios:

  1. Website LogIns
  2. Mobile Phone LogIns
  3. Computer LogIns


Generally, Authenticating yourself is just proving to the system that you are the one you are claiming to be. It normally takes place in the following way:

A user tries to Log In to the system and is asked to present his username and password. When both of these things are entered and are validated as true by the system, the user is authenticated and is allowed to Log In.

Types of Authentication

  1. Single-Factor Authentication: It is the simplest form of Authentication and requires just a username and password. Once these two are validated, a user is allowed to log in. Example: Simple website login
  2. Two-Factor Authentication: This form of Authentication requires an additional piece of information that only the user knows, along with the username and password. Example: Logging In a website with the username and password, along with an OTP (One-Time Password) which is sent to the user’s email id or phone.
  3. Multi-Factor Authentication: This is the most advanced method of Authentication which requires two or more levels of security from independent categories of authentication to grant a user access to the system. This form of authentication utilizes factors that are independent of each other in order to eliminate any data exposure.


Simple English Meaning: Official permission for something to happen, or the act of giving someone official permission for something.

The authorization is the process of providing or granting permissions to a user to access a protected resource.

Some examples of Authorisation are:

  1. Granting individual access to a specific location in a building
  2. Allowing a user to access specific parts of a website


Authentication and Authorization working Together in Real World

Let us take a real-world example where we see both Authentication and Authorisation concepts working together.

In offices, when a new employee joins, he is given two things-

  1. ID card (Authentication)
  2. Access Card (Authorization)

The use of the ID Card is to prove the employee’s identity. It contains the name, employee ID and some other details of the employee.

The use of the Access Card is to grant special permissions to an employee to access specific parts of the office. For example, some employees might not have permission to access the server room and some employees might have. The Access Card helps in establishing the relationship between a user and the scope of access he has.

Also Read: What is OAuth 2.0 ? How it Works ? A Detailed Explanation of Authorization Framework


  1. Good morming inputs for your consideration. ID CARD -authentication and ACCESS CARD – authorisation isuggest as follows
    Enter ID and password to authenticate youself. How you dothat ? Is using 1FA, 2FA or 3FA

    Once successfully authenticated the person is authorised to access specific resources such as office area, files in a server etc


  2. I donot agree that once successfully authenticated the persion is authorised to get access for specific resources. In my opinion , authentication and authorision are independent from each other . I mean , Authorisition action is taken before authentication . for example ,when you get into the company, the administartor granted you access some specific resources that others have no right to access ,in fact the action of administrator is taking is the so-called authorisition,but it occurs before authentication.

Comments are closed.

Exit mobile version