Authentication and Authorization

Authentication in the sense of presenting proof of identity, authentication in the sense of verifying that proof, and authorisation: in colloquial language these three terms are often used as synonyms (German keeps the two senses of authentication apart with two separate words). Although they have a lot in common, they do not mean the same thing. The distinction between the three is therefore more than a subtlety; in certain areas, such as the documentation of processes, it is even absolutely necessary.

The meaning of these terms in everyday life

Regardless of whether you log on to your office computer, check emails or visit certain websites, you will encounter these three terms frequently in your day-to-day work. During these processes you prove your identity, that proof is checked, and only then are you granted certain privileges. Or you are not: if you enter your password incorrectly, you will not be granted access. Your authentication has then failed, and you receive no authorisation.

Proving identity, authentication and authorisation in detail

Authentication in the first sense is the presentation of proof of identity. As a person, you provide evidence that you are who you claim to be. In everyday analogue life this is done, for example, by presenting your identity document; in information technology (IT) it is often done by providing a user name in combination with a password.

Authentication in the second sense is the verification of this proof for authenticity. In the analogue world, someone would check your ID card to see whether it is genuine or has been forged. In IT, for example, the system checks whether the user name and the password it has on record for that user name belong together.

Authentication can be carried out with the help of various factors:

  • With passwords. Usernames and passwords are still the most common factors for authentication and authorisation. For example, if a user enters the correct data for their account with an online shop, the system assumes a valid identity and grants access.
  • With one-time PINs. In this case, the user receives a PIN electronically; however, it is only valid for one action, session or transaction.
  • Through authentication apps. Here, access is granted to the user with the help of security codes generated by an external party.
  • Through biometric data. Access to the system is by fingerprint or via a scan of the user's retina.

Authorisation refers to the rights that the system grants you after you have successfully proven your identity. These privileges do not have to be unlimited. For example, you may be able to work in your user account once you have been authorised, but if that account has no administrator rights, you may not be able to install programs yourself.
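The three definitions above are easiest to keep apart when they are written down as separate steps. The following is an added example, not code from the original page: a minimal login flow in which step 1 verifies the presented proof (user name plus password, checked against a stored salted hash) and step 2 looks up which rights the now-verified identity holds. The user names, passwords and rights are constructed sample data, and the account without the `install_software` right mirrors the page's example of a user account without administrator rights.

```python
"""Added example, not code from the original page: a minimal login flow that
keeps the two steps the glossary distinguishes apart. All user names, passwords
and rights below are constructed sample data."""
import hashlib
import hmac
import os
from typing import Dict, FrozenSet, Optional, Tuple

PBKDF2_ITERATIONS = 200_000

# Constructed user directory. Only a salted hash of each password is stored,
# together with the rights (privileges) that the account holds.
_USERS: Dict[str, dict] = {}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 of the password; a fresh random salt if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username: str, password: str, rights: FrozenSet[str]) -> None:
    """Store the salted hash (never the password) and the account's rights."""
    salt, digest = hash_password(password)
    _USERS[username] = {"salt": salt, "hash": digest, "rights": frozenset(rights)}


def authenticate(username: str, password: str) -> bool:
    """Step 1: verify the presented proof (user name + password) against the stored hash."""
    record = _USERS.get(username)
    if record is None:
        # Hash anyway so that unknown and known user names take the same time to reject.
        hash_password(password, b"\x00" * 16)
        return False
    _, digest = hash_password(password, record["salt"])
    return hmac.compare_digest(digest, record["hash"])


def authorise(username: str, action: str) -> bool:
    """Step 2: does the (already verified) identity hold the right for this action?"""
    record = _USERS.get(username)
    return record is not None and action in record["rights"]


def attempt(username: str, password: str, action: str) -> str:
    """The whole flow: the authorisation question is not even asked until authentication succeeds."""
    if not authenticate(username, password):
        return "authentication failed: no access"
    if not authorise(username, action):
        return f"authenticated, but not authorised to {action}"
    return f"authorised: {action}"


# Constructed accounts: an ordinary user and an administrator who may install software.
register("alice", "correct horse battery staple", frozenset({"read_mail", "edit_documents"}))
register("admin", "admin-secret-example", frozenset({"read_mail", "install_software"}))

if __name__ == "__main__":
    print(attempt("alice", "wrong password", "read_mail"))
    print(attempt("alice", "correct horse battery staple", "install_software"))
    print(attempt("admin", "admin-secret-example", "install_software"))
```

Note that `authenticate` answers only "is this really alice?" and `authorise` only "may alice do this?"; a wrong password stops the flow before any right is consulted, and a correct password for an account without the right yields access to the account but not to the action.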

Access and rights are exposed to dangers: presenting proof of identity, and the authentication and authorisation that follow from it, do not guarantee complete security.

On the contrary: they are susceptible to interference and to unauthorised or undesired actions. If cyber criminals present stolen access data for authentication and authorisation, the system will grant them your privileges if it recognises and classifies the data as genuine.

How to make authentication and authorisation more secure:

  • Only use secure methods for authentication and authorisation, for example over encrypted connections, and make sure you use strong and unique passwords. Password managers are a good choice for generating them.
  • Make sure that your access data cannot be intercepted by keyloggers and misused by third parties during the authentication and authorisation process.
  • If possible, use two-factor authentication. A password that cyber criminals have obtained is then useless to them on its own.
  • Only set the user rights you need as part of the authorisation process. Working in a user account without administrator rights does not have to restrict your productivity, and at the same time it ensures that malware can carry out certain processes only with difficulty or not at all.

Greater security: two-factor authentication

Two-step authentication, also known as two-factor authentication or 2FA, makes authentication and authorisation more secure. It allows an additional factor to be registered for logging into a system (computer, mailbox, online service) alongside the password. Only someone who possesses both the correct password and the second factor, and can present both, is granted access.

Two-step authentication is a reliable protection against attacks in which intruders reuse email addresses and passwords they have stolen from other databases.

The most common method of two-factor authentication is email. After you have entered the correct user name and password, the system or service sends you, the user, a multi-digit code by email.

  • Advantage: The method is convenient and requires no additional hardware or software.
  • Disadvantage: If an attacker gains access to your e-mail account, they can easily read the code for the second factor.

Other forms of two-factor authentication are, for example, authentication by SMS (less frequently by phone call), two-factor authentication apps such as Google Authenticator or Microsoft Authenticator, smartcards or printed backup codes.

FREQUENTLY ASKED QUESTIONS

Authentication is understood as the checking of a proof of identity, which may take various forms, for authenticity. Authorisation is understood as the granting of access to all those privileges that are conceded to the successfully proven identity. These user rights can, however, be limited.

The three methods of authentication can be summarised under the keywords knowledge, possession and inherence, in the sense of something individually or personally one's own. Things a user knows are a PIN or a password. Things a user possesses can be a smartphone or an identity card. Inherent things include biometric data such as the retina, voice recognition or fingerprints.

With two-factor authentication, a system such as a computer or a mailbox is additionally secured. The user only receives successful authentication and authorisation from the respective system once they have successfully identified themselves twice by means of security factors. The first security factor is your password.

There are different forms of two-factor authentication. For example, to access their online account, a user must log in as usual with their user name and the associated password. That is the first factor. In a second step, a security key is sent to them, which the user must then enter in addition. Alternatively, and depending on the system, this key is generated directly on the user's side, for instance by a USB security token, a smartcard or a smartphone app. That is then the second factor.