11 Identification vs Authentication vs Authorization

Identification, Authentication, and Authorization

In this section, the speaker explains the differences between identification, authentication, and authorization in the context of security.

Definition of Identification

• Identification is the process of determining who a person is.

• It involves labeling a person with a username, security ID, smart card, or PIV.

Definition of Authentication

• Authentication is the process of proving one's identity.

• It can be done through methods such as username/password combination, PIN, OTP (one-time password), or biometric data.

Definition of Authorization

• Authorization deals with permissions and access rights.

• Once a person's identity has been established and authenticated, authorization determines what actions they are allowed to perform on a system.