To that point: it’s 2 factor authentication. That is, proving who you are through 2 different factors, usually something you know (a password) + something you have (a physical device) or something you are (biometrics).
The point is that “something you know” can often be easily acquired by malicious third parties and it is generally much harder for them to gain access to “something you have” or “something you are”. Thus requiring 2 different factors blocks most nefarious access attempts.
Authorization is a separate, different step that, usually after having already proven you are who you say you are, verifies whether you’re allowed to do what you’re trying to do. This generally doesn’t require multiple factors because you’ve got nothing left to prove: the system knows all about what you’re permitted to do.
Mnemonic:
authentication: you are an authentic person (as opposed to impersonating someone)
authorization: you are authorized to perform an action
To that point: it’s 2 factor authentication. That is, proving who you are through 2 different factors, usually something you know (a password) + something you have (a physical device) or something you are (biometrics).
The point is that “something you know” can often be easily acquired by malicious third parties and it is generally much harder for them to gain access to “something you have” or “something you are”. Thus requiring 2 different factors blocks most nefarious access attempts.
Authorization is a separate, different step that, usually after having already proven you are who you say you are, verifies whether you’re allowed to do what you’re trying to do. This generally doesn’t require multiple factors because you’ve got nothing left to prove: the system knows all about what you’re permitted to do.
Mnemonic: