Jan 27, 2021
2 min read
Authentication confirms that users are who they say they are, while authorization gives them access to resources and services. When you hear a knock on your door, you look through the peephole to see if you know the person. And, if that person is a plumber you’ve summoned, you expect them to fix your kitchen sink rather than roam through your house. In computing security, looking through the peephole is called authentication, and allowing a person to do certain things is authorization.
Authentication is the process of identifying the user. It always happens at the start of a session with the application, when you have to enter your credentials. If you can’t successfully authenticate yourself, you are not allowed to use the services or resources.
Here are a few examples of authentication we are all familiar with:
Authentication checks your credentials against those saved in the service’s database. If they match, you’re granted access.
We all have dozens of accounts protected by passwords — it’s the most popular method of authentication. The stronger your password, the better. Many people use the same password for all their accounts, which is a big mistake: if a hacker were to steal that one password, they could get access to a bunch of different services with zero effort.
We recommend using a unique password for every account. Of course, it would be impossible to remember them all, but a password manager could do that job for you.
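The check described above (your credentials compared against what the service has stored) is usually done against a salted password hash rather than the password itself, so that a stolen database does not hand the attacker every password. The following is an added example, not NordLocker’s code: the user "database" is a constructed in-memory dictionary, and the PBKDF2 iteration count is an assumed demo value that a real service would tune for its hardware.

```python
import hashlib
import hmac
import os

# Constructed in-memory "database": username -> (salt, password hash).
# A real service would keep this in persistent storage.
_USERS: dict[str, tuple[bytes, bytes]] = {}

# Assumption for this demo: PBKDF2-HMAC-SHA256 cost parameter. Raise it as far as
# your login latency budget allows; higher cost slows offline guessing.
PBKDF2_ITERATIONS = 210_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of the password; this is what gets stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> None:
    """Store a per-user random salt and the derived hash, never the password itself."""
    salt = os.urandom(SALT_BYTES)
    _USERS[username] = (salt, _derive(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Return True only if the supplied password matches the stored hash for this user."""
    record = _USERS.get(username)
    if record is None:
        # Unknown user: still run the KDF so the response time does not reveal
        # whether the username exists, then refuse.
        _derive(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), stored)


def same_password_reused(user_a: str, user_b: str, password: str) -> bool:
    """Illustrates the reuse risk: one leaked password opens every account it was used on."""
    return authenticate(user_a, password) and authenticate(user_b, password)


if __name__ == "__main__":
    register("alice@example.test", "correct horse battery staple")
    print(authenticate("alice@example.test", "correct horse battery staple"))  # True
    print(authenticate("alice@example.test", "wrong"))  # False
```

Because each user gets their own random salt, two accounts with the same password still store different hashes, but that does not help the user: whoever learns the password itself passes `authenticate` on every account where it was reused, which is exactly why a unique password per account matters.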
Two-factor authentication includes an extra step in the login process, providing users with more security. It means that, after typing your username and password, you also need to authenticate yourself using an authentication app, a fingerprint, or a token.
Since passwords can be stolen, two-factor authentication is your safe harbor.
As the name suggests, biometric authentication relies on the distinctive characteristics of your body: your voice, face, fingerprint, or eyes. With biometric authentication, you don’t need to remember any PINs or patterns — that’s why it’s so popular among smartphone users.
Token authentication is typically used as a second step after typing your credentials. A token generates a unique code, which is valid only for a short time. After the code expires, the token provides you with a new one.
Authorization defines the rights you have in the services you use. Namely, it’s what you can access and what is restricted. When you connect to your company’s network, you are granted access to certain resources necessary for your daily work. If you’re working in a marketing department, you probably won’t be able to access files from the financial unit.
Authorization isn’t only something administrators hand out, though: individual users can authorize others too, for instance by sharing files with their co-workers. Let’s take NordLocker as an example. It’s an easy-to-use app that allows users to encrypt data and store it on the computer or in NordLocker’s cloud. You can share your files with other users and thereby authorize them to access those files. But they still need to create their own master password to authenticate themselves in the app.
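The two rules described in the last two paragraphs, department-based access plus explicit sharing by the owner, can be written down as a small deny-by-default authorization check. This is an added example of my own, not NordLocker’s access-control code: the users, departments and file records are constructed, and the check assumes the caller has already authenticated the user (authorization only decides what an identified user may do).

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    name: str
    department: str


@dataclass
class FileRecord:
    path: str
    owner: str
    department: str
    shared_with: set[str] = field(default_factory=set)  # users the owner authorized


def can_access(user: User, f: FileRecord) -> bool:
    """Deny by default; allow the owner, the owning department, or an explicit share."""
    if user.name == f.owner:
        return True
    if user.department == f.department:
        return True
    if user.name in f.shared_with:
        return True
    return False


def share(granter: User, f: FileRecord, grantee: str) -> bool:
    """Only the file's owner may authorize another user; returns False if refused."""
    if granter.name != f.owner:
        return False
    f.shared_with.add(grantee)
    return True


def revoke(granter: User, f: FileRecord, grantee: str) -> bool:
    """Owner withdraws a share; access falls back to the department rule."""
    if granter.name != f.owner:
        return False
    f.shared_with.discard(grantee)
    return True


def authorized_paths(user: User, files: list[FileRecord]) -> list[str]:
    """What an already-authenticated user is allowed to see."""
    return sorted(f.path for f in files if can_access(user, f))


# Constructed sample data for the scenario in the text.
ALICE = User("alice", "marketing")
BOB = User("bob", "finance")
CAROL = User("carol", "marketing")
FILES = [
    FileRecord("marketing/campaign.docx", owner="alice", department="marketing"),
    FileRecord("finance/q4-budget.xlsx", owner="bob", department="finance"),
]


if __name__ == "__main__":
    budget = FILES[1]
    print(authorized_paths(ALICE, FILES))       # ['marketing/campaign.docx']
    print(share(ALICE, budget, "carol"))        # False: alice does not own it
    print(share(BOB, budget, "alice"))          # True
    print(authorized_paths(ALICE, FILES))       # both files
    print(can_access(CAROL, budget))            # False: share was to alice only
```

The ordering of the checks does not matter for correctness here, but the default does: a check that falls through to `True` when no rule matches is the classic authorization bug, so the function returns `False` unless a rule explicitly allows.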
John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.