Security Basics 12 min read

Authentication vs. Authorization: How Your Digital Identity is Managed


Kay Dev

May 05, 2026

Authentication and Authorization Concept Visualization

1. Authentication vs. Authorization

These two terms are often confused, but they serve completely different purposes. Think of it like entering a high-security building:

  • Authentication (AuthN): This is showing your ID card to the guard. It answers the question: 'Who are you?'
  • Authorization (AuthZ): This is your keycard having access to the 5th floor but not the basement. It answers the question: 'What are you allowed to do?'

Diagram showing the flow of Authentication versus Authorization

2. How Passwords are Stored (Hashing)

Professional services never store your password in 'plain text'. If a database leak occurs, hackers shouldn't see your actual password. Instead, we use Cryptographic Hashing.

A hash is a one-way mathematical function. When you sign up, your password (e.g., 'MyVault123') is transformed into a fixed-length string that looks random (e.g., '$2b$12$Kj...'); the same input always produces the same output, but the output cannot be turned back into the password.

# Example of Password Hashing
"Password123" -> SHA-256 -> ef92b778bafe425523a9...

3. Request Signing Methods

Every time your browser talks to our server, it needs to prove it's still you. There are three main ways to do this:

Basic Authentication

The simplest method: your username and password are sent in the Authorization header of every request. It's easy to set up but considered insecure without HTTPS, because the credentials travel with each request and can be intercepted on the way.

JWT (JSON Web Token)

JWT is like a digital 'boarding pass'. After you log in, the server gives you a signed token, and you present this token with every subsequent request. It contains information about who you are, and it is cryptographically signed, so it cannot be altered or forged without the server's signing key.

JWT token exchange process flow

OAuth 2.0 (Login with Google/GitHub)

OAuth is the gold standard for 'delegated access'. It allows you to log in to Ice Vault using another service (like Google) without ever giving us your Google password.

Inside Ice Vault, we utilize these protocols to ensure that even if a request is intercepted, your master encryption key (the one you use for Zero-Knowledge) remains entirely on your device and is never sent to our database.

Why this matters for your Privacy

Understanding these layers helps you realize that modern security isn't just one lock; it's a series of checks. OAuth is explained in detail on Wikipedia for those who want to see the full sequence of handshakes between servers.

Conclusion

By separating who you are (Authentication) from what you can access (Authorization) and using secure tokens like JWT, we create a platform where your identity is safe and your data is accessible only to you. This is the foundation of a true Ice Vault.