Powered by

 Gemini Logo

Sign in

Cryptopedia. Your trusted source for all things crypto.

Buy crypto

Topics

View all

Powered by

 Gemini Logo

Sign in

Buy crypto

Authentication vs. Authorization

Authentication and authorization procedures are basic components of online security aimed at keeping your data secure.

By Cryptopedia Staff

Updated March 10, 20222 min read

Gemini-Authentication vs. Authorization

Summary

Authentication and authorization are common security processes that are often used in tandem. In basic terms, authentication checks your identity as a user, while authorization checks and controls what you have access to. When using a shared document, for example, you need to log in to authenticate your identity. Whether you have permission to open, view, or edit the document is determined by authorization controls.

Authentication 

Basic authentication processes should be familiar to most people: Inputting passwords, answering security questions, and scanning a fingerprint to access your smartphone are all authentication methods of proving that you are who you claim to be. Local authentication applications traditionally store credentials, which must be entered and validated in order for a user to be granted access. Passwordless authentication techniques, such as WebAuthn, multi-factor authentication (MFA) such as U2F, one-time passcodes sent via SMS, and single sign-on are increasingly popular and generally more secure than passwords alone.

Most cryptocurrency exchanges use two-factor authentication (2FA), which requires a password followed by a second form of identifying information, like a fingerprint, a code sent to a smartphone, or a PIN, in order to sign on to a platform.

Biometric authentication is becoming a more commonplace method of authentication. This security process relies on a user’s unique physical or biological markers, like a fingerprint, which is then compared with data stored in a database. If a user inputs a facial scan or fingerprint that matches the stored biometric data for that approved user, authentication is confirmed. Because these biological markers are hard to fake and can’t be forgotten or lost like a password, biometric authentication has become a powerful and convenient tool in secure authorization for consumer smartphones, computers, and applications.

Hardware-backed authentication relies on a physical device to grant user access to computer and network resources. Typically, a hardware authenticator like a USB security key or security token can be inserted into a computer’s USB port or wireless connection to the device the user is trying to access to verify the identity of a user for access. Together with the user’s login credentials, the device can provide protection, even if you lose access to a phone or are subject to a SIM swap attack.

Authorization 

As it relates to authorization vs. authentication, authorization generally comes after successful authentication. Authorization procedures verify whether you have the authority to access the content or resources you have requested access to. Some of these procedures occur via access tokens. These tokens contain security credentialing information concerning a user’s level of privilege and the extent of their access rights. For example, when a user provides credentials to log into a system and that login information is authenticated, an access token, which indicates what access is permitted, is generated. When a user tries to access a specific resource, the contents of that token are then checked to determine if the action is authorized.

In addition to token-based authorization, Role-Based Access Control identifies users with a specific role and the access privileges associated with that role. For example, in a business setting, an HR manager may be authorized to access sensitive employee records, whereas an intern might be restricted. Alternately, Access Control Lists (ACLs) can specify which users or processes are authorized to access specific objects or data, and which operations can be performed. On a shared Google doc, for example, specific users might be allowed to view but not edit, while others may perform any function. Both authentication and authorization procedures are central components not only for keeping cryptocurrency wallets and transactions secure, but also in how modern communication on the internet works.

Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.

Is this article helpful?

Yes

No

Topics in article
Up Next