Authentication vs. Authorization

June 2020

Authorization and authentication. They sound almost the same: both start with the letters "auth" and both end with "ation". So what's the difference? And how can you remember it?

Authentication

Authentication is the process of verifying the identity of someone or something. If you are logging into a platform, you are authenticating yourself. This is commonly done with a username and a password, but there is also multi-factor authentication, such as using a mobile phone for added security.

How can you remember this? You know the word authentic: it means that somebody really is who they appear to be. From there it's easy to remember that authentication means proving that you are who you claim to be!

Authorization

Authorization is concerned with checking permissions. A system might know who you are, but you still might not be permitted to do something. For example, I might be logged into some system as hans@gmail.com, but that still doesn't mean I'm an admin and can call /api/drop-all-tables.

How to remember? This word also appears in common language, for example on signs like "only for authorized personnel". You can also remember that YOU SHALL NOT PASS = You are unauthorized. Gandalf knows who you are, but still thinks it's a bad idea for you to pass!
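The two checks as separate steps in a request handler, as an added example that is not part of the original post. The user store, passwords, roles, the /api/profile route and the function names are constructed for illustration; only hans@gmail.com and /api/drop-all-tables come from the text above.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash(password, salt), "roles": roles}

# Constructed sample data: two accounts and the role each route requires.
USERS = {
    "hans@gmail.com": _user("correct horse", {"user"}),
    "admin@example.com": _user("battery staple", {"user", "admin"}),
}
REQUIRED_ROLE = {"/api/profile": "user", "/api/drop-all-tables": "admin"}
_DUMMY = _user("unused", set())  # hashed against when the email is unknown

def authenticate(email: str, password: str):
    """Authentication: are you who you claim to be? Returns the email or None."""
    record = USERS.get(email, _DUMMY)  # same hashing work for unknown emails
    candidate = _hash(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["pw_hash"])  # constant-time compare
    return email if ok and email in USERS else None

def authorize(email: str, path: str) -> bool:
    """Authorization: may this known identity do this? Deny by default."""
    needed = REQUIRED_ROLE.get(path)
    return needed is not None and needed in USERS[email]["roles"]

def handle(email: str, password: str, path: str) -> int:
    identity = authenticate(email, password)
    if identity is None:
        # HTTP names this status "Unauthorized", but it signals failed authentication.
        return 401
    if not authorize(identity, path):
        # Identity is known; the permission is missing. HTTP calls this "Forbidden".
        return 403
    return 200

if __name__ == "__main__":
    for who, pw in (("hans@gmail.com", "wrong"), ("hans@gmail.com", "correct horse"),
                    ("admin@example.com", "battery staple")):
        print(who, handle(who, pw, "/api/drop-all-tables"))
```

Hans with the right password gets 403 on /api/drop-all-tables, not 401: the system knows who he is and still refuses.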
