Let’s talk about the three A’s of security – Authentication, Authorization, and Accounting. These three work together to make sure that only the right people get access to the right things, and that everything is tracked properly. Think of them as the gatekeeper, the rule-setter, and the record-keeper of digital systems.
Authentication: Proving You Are You
This is the first step—confirming your identity. It’s how a system knows it’s you and not someone pretending to be you.
There are several ways to prove who you are:
- Something you know – like your password or PIN.
- Something you have – like a passport, ID card, or a security token.
- Something you are – like your fingerprint or face scan.
- Something you do – like your signature, typing rhythm, or even how you walk.
- Somewhere you are – your location can also help verify your identity.
Each method adds a layer of security. The more layers you use, the harder it is for someone to impersonate you.
Authorization: What You’re Allowed to Do
Once the system knows who you are, it checks what you’re allowed to access. You might be able to view your own bank account, but not someone else’s. You might be allowed to read a document, but not edit it.
Authorization makes sure you only get access to the things you’re supposed to—and nothing more.
Accounting: Keeping Track of What Happens
This is the behind-the-scenes logging of everything you do. It records what data you accessed, what actions you took, and when you did them. This is important for non-repudiation, which means you can’t deny doing something later—there’s a record.
If something goes wrong, these logs help figure out what happened and who was responsible.
Real-Life Example: Online Banking
Let’s say you’re using your mobile banking app:
- You authenticate by entering your username and password.
- You’re authorized to see your own account, not someone else’s.
- When you make a transfer, the system accounts for it by logging the transaction—so if there’s ever a dispute, the bank can show it was you.
Of course, real systems are more complex, but this gives you the basic idea of how the AAA model works to keep things secure.
