As stated in the
previous article about the difference between authentication and authorisation,
it is important
to understand the different aspects of security in order
to control access to resources in as secure
and as user-friendly
a way as possible. However, the step of authentication
itself — the act of ascertaining who a person is
— comprises the two components of
At some point whilst interacting with many websites or web-based applications and services, users are asked to state and prove who they are. Whether this is to make sure only that user edits their own profile or it is for secure financial transactions, identity, trust and authorisation underpin almost any secure communication. Here, I will break down the basic, distinct components of user identification and show why the distinction between them is important for designing or even using a secure system.
