Basics of Authentication

Our last video series was about data structures. We looked at the most common data structures, their use cases, pros and cons, and the different operations you could perform on each data structure.

Today, we are kicking off a similar series for Authentication strategies where we will discuss everything you need to know about authentication and authentication strategies.

In this guide today will be talking about what authentication is, and we will cover some terminology that will help us later in the series. You can watch the video below or continue reading this guide.

What is Authentication?

Authentication is the process of verifying someone’s identity. A real-world example of that would be when you board a plane, the airline worker checks your passport to verify your identity, so the airport worker authenticates you.

If we talk about computers, when you log in to any website, you usually authenticate yourself by entering your username and password, which is then checked by the website to ensure that you are who you claim to be. There are two things you should keep in mind:

Some other examples are:

How does Authentication Work?

On a high level, we have the following factors used for authentication.

We can categorize the factors above into three different types.

This brings us to our next topic: Multi-factor Authentication and Two-Factor Authentication.

Multifactor Authentication

Multifactor authentication is the type of authentication in which we rely on more than one factor to authenticate a user.

For example, if we pick up username/password from the knowledge factor. And we pick soft tokens from the possession factor, and we say that for a user to authenticate, they must enter their credentials and an OTP, which will be sent to their mobile phone, so this would be an example of multifactor authentication.

In multifactor authentication, since we rely on more than one factor, this way of authentication is much more secure than single-factor authentication.

One important thing to note here is that the factors you pick for authentication, they must differ. So, for example, if we pick up a username/password and security question or security codes, it is still not true multifactor authentication because we still rely on the knowledge factor. The factors have to be different from each other.

Two-Factor Authentication

Two-factor authentication is similar to multifactor authentication. The only difference is that there are precisely two factors in 2FA. In MFA, we can have 2, 3, 4, or any authentication factors; 2FA has exactly two factors. We can say that 2FA is always MFA, because there are more than one factors. MFA is not always 2FA because there may be more than two factors involved.

Next we have the difference between authentication and authorization. This comes up a lot in the interviews, and beginners often confuse them.

What is Authentication

Authentication is the process of verifying the identity. For example, when you enter your credentials at a login screen, the application here identifies you through your credentials. So this is what the authentication is, the process of verifying the identity.

In case of an authentication failure, for example, if you enter an invalid username and password, the HTTP response code is “Unauthorized” 401.

What is Authorization

Authorization is the process of checking permission. Once the user has logged in, i.e., the user has been authenticated, the process of reviewing the permission to see if the user can perform the relevant operation or not is called authorization.

And in case of authorization failure, i.e., if the user tries to perform an operation they are not allowed to perform, the HTTP response code is forbidden 403.

Authentication Strategies

Given below is the list of common authentication strategies:

In this series of illustrated videos and textual guides, we will be going through each of the strategies discussing what they are, how they are implemented, the pros and cons and so on.

So stay tuned, and I will see you in the next one.

Join the Community

roadmap.sh is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

Rank 6th  out of 28M!

268K

GitHub Stars

Star us on GitHub
Help us reach #1

+55k every month

850k

Registered Users

Register yourself
Commit to your growth

+1.5k every month

17K

Discord Members

Join on Discord
Join the community

Roadmaps Best Practices Guides Videos FAQs YouTube

roadmap.sh by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© roadmap.sh · Terms · Privacy ·

ThewNewStack

The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.