Authentication Flashcards

1
Q

What is the difference between authentication and authorization?

A
  • Authentication verifies the user’s identity (e.g., login credentials).
  • Authorization determines what actions or resources the authenticated user has access to.
2
Q

What is session-based authentication, and how does it work?

A

A server creates a session for the user after login and stores a session ID in a browser cookie. The server verifies the session ID for subsequent requests.

3
Q

How does token-based authentication work?

A

The server issues a token (e.g., JWT) upon login. The client includes this token in the headers of future requests for authentication.

4
Q

What are the components of a JSON Web Token (JWT)?

A
  • Header: Contains the algorithm and token type.
  • Payload: Includes claims (user data, permissions).
  • Signature: Verifies the token’s integrity.
5
Q

What is OAuth 2.0, and what is its primary use case?

A

OAuth 2.0 is an authorization framework that allows third-party applications to access a user’s resources without exposing credentials. Example: Logging in with Google.

6
Q

How does OpenID Connect (OIDC) extend OAuth 2.0?

A

OIDC adds an identity layer to OAuth 2.0, providing user authentication and user profile information in addition to authorization.

7
Q

What is MFA, and why is it important?

A

MFA (multi-factor authentication) requires two or more verification methods (e.g., password + one-time code) to enhance security by reducing reliance on passwords alone.

8
Q

Why is password hashing important, and what algorithms are commonly used?

A

Password hashing securely stores passwords by converting them into irreversible hashes. Common algorithms: bcrypt, Argon2, PBKDF2.

9
Q

What is the purpose of a refresh token in authentication?

A

A refresh token is used to obtain a new access token after the old one expires, maintaining a secure and seamless user experience without requiring re-authentication.

10
Q

What is Single Sign-On (SSO), and how does it work?

A

SSO allows users to log in once and access multiple related systems without re-authenticating. It uses protocols like SAML or OIDC to share authentication tokens between services.
