Codecademy Logo

Authentication, Authorization, & Encryption


Authentication is the verification of who a user is.

Single-factor authentication only needs one method of verification, usually a username and password.

Multi-factor authentication (MFA) requires at least two consecutive factors of verification. The most common implementation is a password followed by an access code sent to another device or service.


Authorization is what a user can do.

It includes verifying and maintaining the level of access a user has.


Encryption is the process of transforming data into a format that is unreadable unless you have the correct key to decrypt it.

Encryption technologies are constantly evolving.

Authentication in the 60’s and 70’s

In the 1960s, usernames and passwords originated from time-sharing practices used when users accessed centralized computers from terminals. Initially, these passwords were stored in plaintext.

In the 1970s, passwords were beginning to become encrypted using a salted hash.

Authentication in the 80’s through the 2000s

In the 1980s, one-time passwords (OTP), a unique password that changes every time a user logs in, was created, enabling new methods of possession-based authentication.

In the 2000s, multi-factor authentication (MFA) began to become more widely used, and it includes factors like something you know, something you have, or something you are.

OAuth 2.0

OAuth 2.0 is the current gold standard for authorization.

It allows third-party websites to access information on other websites without needing the user credentials from the original website.

An image of the Codecademy login screen. It has multiple options for OAuth.

Learn More on Codecademy