Authentication (Auth)

Property    | Value
description | Process of verifying the identity of a user, device, or system before granting access.
tags        | ref

Authentication is the process of verifying the identity of a user, device, or system before access is granted.

In web and software systems, authentication answers the question: "Who are you?" It is separate from authorization, which answers: "What are you allowed to do?"

What it does

Authentication establishes whether a claimed identity is valid.

It is commonly used to:

  • Sign users into applications
  • Protect accounts and private data
  • Verify callers of an API
  • Gate access to admin panels, dashboards, and services
  • Bind a user or system identity to credentials such as passwords, codes, keys, or tokens

Core concepts

Identity verification

Authentication is about verifying identity.

That verification can happen with a password, a one-time code, a device-based factor, a cryptographic key, or another trusted credential.

Factors

Authentication factors are commonly grouped into knowledge, possession, and inherence.

Examples include passwords, OTP codes, hardware tokens, or biometrics.

Authentication vs authorization

Authentication confirms who the actor is.

Authorization decides what that authenticated actor is allowed to access or do.
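
The two questions can be kept as two separate checks for an API caller. The sketch below is an added example, not code from the original page; the key IDs, secrets, permission names, and function names are constructed for illustration, and it assumes API keys are random, high-entropy values so that a plain SHA-256 digest is an acceptable stored form.

```python
import hashlib
import hmac

def _digest(secret):
    # Assumption: API keys are random and high-entropy, so a fast hash is
    # enough for storage. Passwords would need a slow password hash instead.
    return hashlib.sha256(secret.encode()).digest()

# Constructed sample data: only a digest of each key is stored, never the key.
KEY_STORE = {
    "svc-reports": {"digest": _digest("example-secret-reports"),
                    "perms": {"reports:read"}},
    "svc-admin": {"digest": _digest("example-secret-admin"),
                  "perms": {"reports:read", "users:delete"}},
}
_DUMMY = _digest("no-such-key")  # compared against when the key ID is unknown

def authenticate(key_id, secret):
    """Who are you? Return the verified identity, or None."""
    record = KEY_STORE.get(key_id)
    expected = record["digest"] if record else _DUMMY
    # Constant-time comparison, with the same work done for unknown key IDs.
    matches = hmac.compare_digest(expected, _digest(secret or ""))
    return key_id if (record is not None and matches) else None

def authorize(identity, permission):
    """What are you allowed to do? Only meaningful for a verified identity."""
    return permission in KEY_STORE[identity]["perms"]

def handle(key_id, secret, permission):
    """Return an HTTP-style status code for a request."""
    identity = authenticate(key_id, secret)
    if identity is None:
        return 401  # authentication failed: identity not established
    if not authorize(identity, permission):
        return 403  # authenticated, but the action is not permitted
    return 200

if __name__ == "__main__":
    print(handle("svc-reports", "example-secret-reports", "reports:read"))
    print(handle("svc-reports", "example-secret-reports", "users:delete"))
    print(handle("svc-reports", "wrong-secret", "reports:read"))
```

A failed identity check and a failed permission check produce different outcomes (401 versus 403), which is the distinction this section draws.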

Common use cases

  • Website and app login
  • Admin-area protection
  • Service-to-service API access
  • Session establishment after credential checks
  • Step-up security using 2FA or MFA

Practical notes

  • Authentication can apply to humans, software clients, devices, and services.
  • Strong authentication is not just about passwords; it often includes layered factors or short-lived credentials.
  • API keys and tokens are also part of authentication patterns in many systems.
  • Authentication should be designed together with session handling, transport security, logging, and recovery flows.

Frequently Asked Questions

Is authentication the same as authorization?

No. Authentication verifies identity. Authorization decides permissions after identity is known.

Is MFA part of authentication?

Yes. MFA is a stronger authentication approach that requires more than one factor.

Are API keys used for authentication?

Often yes. Many systems use an API key as one credential for authenticating software requests.