Huy's Notes


#security #system-design #networking

Authentication is the act of verifying the identity of a user to make sure they are actually who they claim to be.

Authorization is the act of controlling a user's level of access to certain parts of the system.

Authentication Factors are the ways for someone to be authenticated. There are 3 categories of authentication factors:

  • Knowledge factors: something that the user knows. For example: password, PIN, security questions, ...
  • Ownership factors: something that the user has. For example: ID card, hardware security token, software security token, ...
  • Inherence factors: something that the user is or does. For example: fingerprint, signature, face, voice, DNA sequence, ...

The weakest level of authentication is Single-factor authentication, where only a single factor is used.

Multi-factor authentication is a method that involves two or more factors (for example, both a password and a security token).

Authentication Protocols are the standards that define how authentication data should be handled between parties in a system.

Some popular protocols are [OAuth], SAML, FIDO, LDAP, ...

For API Authentication, there are some commonly used protocols such as [Basic Auth], [API Keys], [OAuth], ...
