Loading page
Authentication and authorization sound alike and often get confused, but they answer two different questions and always happen in a fixed order. Both live inside the AAA framework.
Last updated June 2026
| Aspect | Authentication | Authorization |
|---|---|---|
| Question it answers | Who are you? | What are you allowed to do? |
| Purpose | Verifies identity | Grants or denies access to resources |
| When it happens | First, at sign-in | After authentication succeeds |
| Based on | Credentials and factors (password, token, biometric) | Permissions, roles, and policies |
| Example | Logging in with a password plus an authenticator code | Being allowed to read a file but not delete it |
| Place in AAA | The first A | The second A, then Accounting |
Authentication proves who you are; authorization decides what you can do once you are in. Authentication always comes first. Both sit inside the AAA model: Authentication, Authorization, and Accounting.
Reading the difference is a start. SecPlus Mastery drills it with over 1,000 practice questions, timed mock exams, and spaced review across all five SY0-701 domains, so it sticks for exam day.
Written to the CompTIA Security+ SY0-701 objectives. CompTIA and Security+ are trademarks of CompTIA, used here for identification only.