Authentication vs Authorization in LLD - System Design

Last Updated: 08 Aug, 2025

Authentication and authorization are two fundamental ideas in system design, particularly in low-level design (LLD).

- Authentication confirms a person's identity.
- Authorization establishes what resources or actions a user is permitted to access.

Authentication Methods

Password-based Authentication
- Description: The most common form of authentication, in which users provide a unique password to verify their identity.
- Considerations: Passwords should be complex and stored securely, and users should be encouraged to use unique passwords.

Multi-Factor Authentication (MFA)
- Description: Requires users to provide multiple forms of identification, such as a password and a temporary code sent to their mobile device.
- Advantages: Enhances security by adding an extra layer of verification, so access stays protected even if one factor is compromised.

Biometric Authentication
- Description: Uses unique physical or behavioral characteristics for identification, like fingerprints, facial recognition, or voice recognition.
- Considerations: Biometric data should be securely stored and processed to prevent unauthorized access.

Token-based Authentication
- Description: Users are given a physical or digital token (like a security key or smart card) for authentication.
- Advantages: Provides an additional physical element that needs to be present for authentication.

OAuth Connect
- Description: Protocols used for authentication and authorization in the context of web applications and APIs.
- Use Cases: Commonly used for delegated authorization, allowing third-party applications to access user data.

Authorization Models

Ensuring that only authorized individuals or entities have access to particular resources, functionality, or information is an essential component of security.
Role-Based Access Control (RBAC)
- Assigning roles to users or groups, letting them access only what their role requires.
- Example: HR personnel can access HR data but not finance information.

Security Assertion Markup Language (SAML)
- Using an XML-based protocol for Single Sign-On, allowing admins to control resource access.
- Example: Access permissions are communicated through digitally signed documents.

OpenID Authorization
- Checking a user's identity through OpenID standards, ensuring consistency across systems.
- Example: Standardised authorization based on authentication from an authorization server.

OAuth Authorization
- Allows secure access within applications using permission tokens.
- Example: Users grant certain apps access to their information without sharing their password.

Device Permissions
- Granting access based on the device trying to connect to a resource.
- Example: Only approved devices can establish a connection.

Differences between Authentication and Authorization

| Aspect | Authentication | Authorization |
|---|---|---|
| Definition | Verifies the user's identity. | Determines the user's access to resources or actions. |
| Focus | "Who are you?" | "What are you allowed to do?" |
| Process | Typically involves usernames, passwords, or biometrics. | Involves checking permissions or roles assigned to the user. |
| Order | Happens before Authorization. | Happens after Authentication. |
| Scope | Ensures the user is genuine. | Ensures the user has access rights. |
| Implementation | Login pages, OTP, fingerprint scans. | Role-based access control (RBAC), policy checks. |
| Example | Entering a password to log into an account. | Checking if the logged-in user can view or edit a file. |
| Security Purpose | Protects against unauthorized user access. | Protects against unauthorized actions by authenticated users. |
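The ordering in the table (authentication first, authorization second) can be seen in a small request handler. This is an added example, not code from the original article: it pairs password-based authentication with the RBAC example of HR versus finance data. All names (`USERS`, `ROLE_PERMISSIONS`, `handle_request`), the sample user and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample policy: role -> permitted (resource, action) pairs.
ROLE_PERMISSIONS = {
    "hr": {("hr_data", "read"), ("hr_data", "write")},
    "finance": {("finance_data", "read")},
}
USERS = {}  # username -> {"salt": bytes, "hash": bytes, "role": str}
ITERATIONS = 600_000  # example work factor for PBKDF2-HMAC-SHA256


def _derive(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username, password, role):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _derive(password, salt), "role": role}


def authenticate(username, password):
    """Authentication ("Who are you?"): return the username or None."""
    record = USERS.get(username)
    if record is None:
        return None
    candidate = _derive(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, record["hash"]) else None


def authorize(username, resource, action):
    """Authorization ("What are you allowed to do?"): check the role's permissions."""
    role = USERS[username]["role"]
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


def handle_request(username, password, resource, action):
    principal = authenticate(username, password)
    if principal is None:
        return 401  # identity not proven; authorization is never evaluated
    if not authorize(principal, resource, action):
        return 403  # genuine user, but the role lacks this permission
    return 200


register("alice", "correct horse battery staple", "hr")  # constructed sample user
```

The two failure codes mirror the last row of the table: 401 rejects an unverified user, while 403 rejects an unauthorized action by an authenticated user.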
Author: thesunpandey