Guardians of the Gateway

Guardians of the Gateway: A Tour of Authentication Techniques

Picture this: you have entered the office premises and are now at the security gates inside the building. You need to prove that you are indeed an employee of the company and not someone passing by to get some cool air inside the building. For this, you pull out your golden ticket to paradise, your access card. You reach into your pocket, take out the card, and wave it at the turnstile. BEEEEEP!!! The gates do not open.

You now realize that you waved your credit card at the reader. So you actually bring out your access card and wave it, and NOW it welcomes you in, because the access card has your identity stored in it and the software installed at the security gate verified that the one who waved the card is actually you.

But, as you would know, just having this access card does not let you into every nook and corner of the building. Most of us would be allowed into the cafeteria, but not necessarily the CEO’s room or the freezing server room. Only those who have business there would be allowed in. Why else would anyone need to be there? So, the access card would also carry information on where you are, and are not, allowed to go in the building.

What if there was no kind of access card here?

Anyone could enter the office building, and anyone could walk into the server room; someone might feel thirsty, try to drink some water, spill it on the servers, and within 10 minutes everyone in the building is evacuated by an alarm.

So, this kind of security needs to exist in the web landscape too, to prevent misuse of the resources we are trying to protect. Let’s explore how the example above translates to securing digital systems, and the various methods that can be used in different scenarios.


WHO ARE YOU? ARE YOU EVEN ALLOWED TO DO THIS?

We have all come across the terms Authentication and Authorization. Together they mean identifying the party making a request, and then allowing or restricting that party’s access to specific resources in the system based on its role. This prevents misuse of resources by unauthorized users or even attackers.

Sometimes we use these terms interchangeably, and they do go hand-in-hand in most cases. But do we really know the distinct difference between them?
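To make the distinction concrete, here is an added example (not code from the original post) that models the turnstile above: a card carries an identity and a role and is signed by the gate’s secret, so authentication is “is this a genuine card, and who is it for?” while authorization is a separate “may this role enter this area?” check. The secret, the roles, the areas and the card format are all constructed for the demo.

```python
import hmac
import hashlib

# Constructed demo secret; a real gate would keep this in a key store, never in source.
GATE_SECRET = b"demo-gate-secret-not-for-production"

# Role -> areas that role may enter (the "where you are allowed" information on the card).
PERMISSIONS = {
    "employee": {"lobby", "cafeteria"},
    "sysadmin": {"lobby", "cafeteria", "server_room"},
    "executive": {"lobby", "cafeteria", "ceo_office"},
}

def issue_card(user: str, role: str) -> str:
    """Issue a card: identity + role, plus an HMAC so the gate can tell a forgery from the real thing."""
    payload = f"{user}:{role}"
    tag = hmac.new(GATE_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"

def authenticate(card: str):
    """Authentication: verify the card is genuine and return (user, role), or None if it is not."""
    parts = card.split(":")
    if len(parts) != 3:
        return None          # wrong shape, e.g. a credit card waved at the reader
    user, role, tag = parts
    expected = hmac.new(GATE_SECRET, f"{user}:{role}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None          # forged or tampered card (e.g. role edited after issue)
    return user, role

def authorize(role: str, area: str) -> bool:
    """Authorization: given an already-verified role, may it enter this area?"""
    return area in PERMISSIONS.get(role, set())

def gate(card: str, area: str) -> str:
    """Full turnstile decision: authenticate first, then authorize. Never the other way round."""
    identity = authenticate(card)
    if identity is None:
        return "BEEP: unknown card"
    user, role = identity
    if not authorize(role, area):
        return f"BEEP: {user} is not allowed in {area}"
    return f"welcome {user} to {area}"

if __name__ == "__main__":
    card = issue_card("alice", "employee")
    print(gate(card, "cafeteria"))             # welcome alice to cafeteria
    print(gate(card, "server_room"))           # BEEP: alice is not allowed in server_room
    print(gate("4111-1111-1111-1111", "lobby"))  # BEEP: unknown card
```

Note that a card whose role field is edited after issue fails authentication, not authorization: the gate never even consults the permission table for a card it cannot verify.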

Here
