Published: March 2020

Authentication vs. authorisation

The purpose of my article is to explain the difference and prevent confusion. I want to give you two easy examples you can remember.

Author: Markus A. Wolf
Taipei / Taiwan – UX Designer and product owner - worked in Germany, California / Silicon Valley and now Taiwan for international clients.

To be or not to be confused with authorization - that is the question…

If you talk to people, they often use these two words incorrectly.

Usually the differences between these two methods are quite easy to understand, but because of their appearance and pronunciation they are hard to separate, regardless of whether you have had a beer or not. Many people constantly use these two words wrongly. Even for web developers it is hard to tell the difference. Because of this confusion, Wikipedia decided to add a small hint on the website to point out the difference: “Not to be confused with authorization”.

Let’s get started. I want to explain it simply so you can understand and remember the differences. Authentication means that you have to prove that you are the person you claim to be; it is needed to verify your identity. Authorisation is the process of determining whether you are part of a group or whether you have access to a particular web page; it is needed to organise the rights and privileges you have in an organisation.

  • Authentication -> identity
  • Authorisation -> access to something

Examples - Some real world cases

I will give you an example. You go to a website to see your order history. You already have an account, of course, so you enter your username and password and hit enter. Now the login process starts, and first the website checks your identity: this is called authentication. Is your password the right one for this username? If yes, the next step starts. Now the website checks whether you have access to your order history and whether you are allowed to order some stuff. If everything is fine, you can see your last orders: this is authorisation.
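The order-history flow above as two separate checks, in an added Python example that is not part of the original article. The account names, passwords, order IDs, function names and the PBKDF2 iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # example value, chosen to keep the demo fast

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample data: two accounts and their orders.
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("battery staple")}
ORDERS = {"alice": ["order-1001", "order-1002"], "bob": ["order-2001"]}
# Dummy record so unknown usernames cost the same work as known ones.
_DUMMY = _make_user(os.urandom(16).hex())

def authenticate(username: str, password: str):
    """Authentication: is the password right for this username?
    Returns the verified identity, or None."""
    user = USERS.get(username, _DUMMY)
    candidate = _hash(password, user["salt"])
    ok = hmac.compare_digest(candidate, user["hash"])
    return username if ok and username in USERS else None

def authorize(identity: str, action: str, owner: str) -> bool:
    """Authorisation: may this verified identity do `action` on `owner`'s data?
    Policy assumed here: customers may only read their own orders."""
    return action == "read_orders" and identity == owner

def order_history(username: str, password: str, owner: str):
    identity = authenticate(username, password)
    if identity is None:
        return 401, []   # identity not proven: authentication failed
    if not authorize(identity, "read_orders", owner):
        return 403, []   # identity proven, access refused: authorisation failed
    return 200, ORDERS.get(owner, [])

if __name__ == "__main__":
    print(order_history("alice", "correct horse", "alice"))  # own orders
    print(order_history("alice", "correct horse", "bob"))    # logged in, not allowed
```

The second call is the case worth remembering: a correct password proves who Alice is, but it does not give her Bob's orders. A site that stops after the first check has authentication without authorisation.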

Second example

Here is another, shorter version. First you have to authenticate yourself so the site knows whether you are the author of a web article, and then authorisation checks whether you have the right to change the text.

BTW: the two words authentication and authentification mean the same thing, and the latter is often used “by non-native speakers who aren’t aware that it’s less idiomatic in English”, so I had to learn it too :-).