Week 8
8.2 Authentication and Authorisation
AUTHENTICATION verifies WHO the user is (identity verification). AUTHORISATION determines WHAT the authenticated user can do (access control).
1. Authentication methods: username/password, Multi-Factor Authentication (MFA, widely required by CBN for banking apps), biometrics, and digital certificates
2. Authorisation implements the principle of LEAST PRIVILEGE — users are given only the minimum permissions needed for their role