In practice, authentication and authentication in particular are often used interchangeably since they are part of the same process for use on IT systems.
The distinction is particularly important in the documentation of IT processes.
Authentication means presenting proof of the user's identity to the IT system or IT resource to which he or she is trying to log on. This proof can come in various forms, such as information only the user knows (password, PIN), something they are (fingerprint, iris scanner), something they have (smart card, token, badge) or a combination of the above. Authentication is therefore the active action of the user when registering, in which he asserts his identity with proof.
Authentication refers to the procedure for checking the assertion of identity and its result, in which the IT system compares this with the stored information on the asserted identity or queries a third, authorized body. Thus, authentication follows authentication.
The positive result of the authentication is followed by "authorization", which means the granting or restriction of "certain rights". Successful authentication does not automatically mean access to resources on the network.
A classic example of this is withdrawing cash from an ATM.
The customer authenticates himself with his combination of debit card (something he has) and his PIN (something he knows).
If the information matches, the ATM authenticates the customer as the legitimate user of the bank account.
Now the bank customer is authorized to withdraw an amount from his account. If the limit is exceeded, the process would be aborted due to lack of authorization.
