Authentication vs Authorization
One of the benefits of the internet is that it allows individuals a high degree of anonymity. That anonymity can be invaluable in some cases but it can be a great detriment in others, such as when it comes to securing data. It goes without saying that while you may want to access certain content anonymously, you also don't want just anyone having access to your online banking information. For that reason, before you access most of your online accounts, you need to verify in some way that you are actually authorized to access that account. In some cases, all that is needed is to prove you are authorized to access an account is to enter a simple login ID and password. In other cases, you may need to actually verify your identity in some way to gain access. These two different levels of security are known as authorization and authentication. Here is an overview of authentication vs. authorization. What each one is, why they are necessary and how each is accomplished.
These days almost all accounts are secured by at least a simple login ID and password. By entering that login ID and password, you are demonstrating that you are authorized to access that account. A simple login ID and password are generally sufficient for accounts that contain very little personal data or are meant to be used by multiple people, such as a family Netflix account or a loyalty account for your local grocery store.
Unfortunately, the number of ways in which login credentials can be stolen - or even guessed - are too numerous to count. For that reason, it is no longer enough to use simple login credentials to secure high-value data. In that case, it is much more important to verify that the specific individual trying to access an account is actually authorized to do so. This is where authentication comes in, which is different from simple authorization. Authentication attempts to verify the identity or credentials of a specific individual before granting access to a certain account or a certain level of information. For instance, a simple login and password may be enough to grant employee access to general company information, but they may need to perform a biometric scan or enter a PIN before accessing high-level or more sensitive information.
Why is Authentication Important?
Many of the ways in which digital assets are protected or guarded are similar to the ways in which anything of physical value is guarded. For instance, almost anyone with your bank account number can walk into a bank and deposit money into your account. Depositing money into someone's account represents a low-security risk and doesn't reveal any personal or financial information so the simple possession of an account number is sufficient to provide authorization to do so. In order to withdraw money, however, or gain access to any financial information, you would need to show identification verifying that you are actually authorized to withdraw money or gain access to financial data. In that case, your identity would need to be authenticated in order to prove you are authorized to withdraw money.
One of the key reasons that authentication is so important is due to the infinite number of ways in which login credentials can be obtained these days. Unfortunately, people are creatures of habit and they are prone to using the same login credentials for low-level accounts like their Netflix account as they do for high-level accounts like banking or work accounts. Sites with little information to protect also tend to have minimal security which makes them remarkably easy to hack. This makes it easy to download thousands of login credentials from low-security sites and use them to try and gain access to more high-security sites. Targeted phishing scams are also on the rise, which can give thieves, hackers and other fraudsters more specific login credentials for specific businesses.
Why Authentication is Becoming More Important Than Ever Before
While many business may consider simple login credentials alone to be sufficient to secure the level of data they store, that is quickly changing. As the world grows more and more connected, businesses that may have little data or only data of little value to protect may become unwitting portals to sites with a higher value or more sensitive data. In fact, one of the largest data breaches in the last decade was accomplished by this very means. More than 70 million financial accounts were compromised in the Target data breach, which was accomplished by using stolen login credentials for a small HVAC company that had direct access to Target's financial data.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.