One day Minnie was resting at home when she received a call from Mickey.
Mickey – Hey Minnie, where are you?
Minnie – Hi Mickey! I am at home. What happened?
Mickey – I need to talk to you. Can you come to the restaurant across your street?
Minnie – Sure, I am coming
Mickey – Come fast. I am waiting
(Minnie got ready and went to see Mickey)
Minnie – Yes Mickey, tell me.
Mickey – I have got an activity to explain the difference between Authentication and Authorisation tomorrow in the class. And I have no idea.
Minnie – Hey Mickey, don’t worry. Let me tell you a story.
Mickey – Great! And here we go…
Minnie – Okay suppose you hear your doorbell ring and you open the door. You see Goofy standing there. Will you allow him inside?
Mickey – Of course, I will.
Minnie – Why?
Mickey – He is my friend. I know him.
Minnie – Exactly. So you are authenticating him to enter your home
Mickey – Okay!
Minnie – Suppose after coming inside he uses your sofa, watches TV, uses the toilet
Mickey – Yeah! That’s all fine.
Minnie – What if he goes in your kitchen & opens the refrigerator?
Mickey – What! He is not supposed to do that.
Minnie – Exactly! Or we can say he is not authorized to do so.
Mickey – Okay, I am getting it
Minnie – So Authentication is like validating a user or service. Like you allowed Goofy to enter the house. You will not allow any stranger, right?
Mickey – So it’s like validating the identity of the user or service.
Minnie – Exactly, and there are ways of validating the identity like using passwords, single-factor authentication, multi-factor authentication, etc.
Mickey – I am now getting it. So getting access to my home using a key is like authentication?
Minnie – Yes, think of the key as the password.
Mickey – Got it
Minnie – And Authorisation is the process of permitting the user or service to access specific resources, e.g. Goofy can use your drawing room but not your bedroom.
Mickey – Okay! Got it. So when I log in to my school website with my username and password, I am authenticated to access the website if my credentials are correct. But I cannot go to the Admin section as I am not authorized to access that section of the website.
Minnie – Yes, or you can say your user does not have the privilege to access that resource.
Mickey – Wow!
Minnie – Now let’s go to the next level
There are different factors or levels of authentication:
- Single-Factor Authentication: A simple way of authentication where a user needs an ID and password to get access. So the user or service needs only one step to verify the identity.
- Two-Factor Authentication: Here a user or service needs a 2-step verification process. You must have seen some services or apps where you need a password and also need to enter an OTP sent to your mobile device to get access. You can set 2-factor authentication on your Gmail from settings.
- Multi-Factor Authentication: This is a more advanced level where you need 2 or more levels of security. You will find this type of authentication in banks and financial institutions.
Mickey – So when I go to my bank ATM, I need to enter my passcode only. Is this single-factor authentication?
Minnie – No, you first need to insert your card and then enter your passcode. So that is two-factor authentication
Mickey – Got it
Minnie – And based on your user roles, you are authorized to access specific sections or menu items.
Mickey – Got it.
Minnie – So how do you feel now?
Mickey – I am all ready to explain this in the class tomorrow.
Minnie – Let’s order pizza.
Mickey – Sure, it’s on me. Thanks for coming and helping me.
Minnie – I am always here for you 🙂