They are essential parts of a registration process.
In practice, authentication and authentification in particular are often used synonymously, because both belong to the same process on IT systems. The distinction is particularly important when documenting IT processes.
Step 1 - Authentication
Authentication refers to the presentation of proof of the user’s identity to the IT system or resource to which they are trying to log on. This proof can take various forms, such as information that only the user knows (password, PIN), something he is (fingerprint, iris scan), something he has (smart card, token, badge), or a combination of the above. Authentication is therefore the active act of the user during registration, in which he asserts his identity with proof.
Step 2 - Authentification
Authentification refers to the procedure for checking the asserted identity, and to the result of that check: the IT system compares the proof with the information stored for the asserted identity, or consults an authorized third party. Access control thus follows the authentication.
Step 3 - Authorization
The positive result of the authentication is followed by the “authorization”, which means granting or restricting “certain rights”. Successful authentication does not automatically mean access to resources in the network.
A classic example of this is withdrawing cash from an ATM.
The customer authenticates himself with his combination of EC card (something he owns) and his PIN (something he knows).
If the information matches, the ATM authenticates the customer as the legitimate user of the bank account.
The bank customer is now authorized to withdraw an amount from his account. If the limit is exceeded, the process would be canceled due to a lack of authorization.
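The ATM flow above as an added Python example, not part of the original article, with each of the three steps as its own function so that verifying the identity and checking the rights stay separate decisions. The card number, PIN, limit, record layout and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash_pin(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so the stored record never contains the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(card_id: str, pin: str, daily_limit: int) -> dict:
    salt = os.urandom(16)
    return {"card_id": card_id, "salt": salt, "pin_hash": _hash_pin(pin, salt),
            "daily_limit": daily_limit, "withdrawn_today": 0}

# Constructed sample record store (hypothetical card number, PIN and limit).
ACCOUNTS = {"4000-0001": enroll("4000-0001", "4921", daily_limit=500)}

def present_credentials(card_id: str, pin: str) -> dict:
    """Step 1: the customer asserts an identity and supplies the proof."""
    return {"card_id": card_id, "pin": pin}

def verify_claim(claim: dict):
    """Step 2: the system checks the proof against its stored record."""
    record = ACCOUNTS.get(claim["card_id"])
    if record is None:
        return None
    candidate = _hash_pin(claim["pin"], record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate, record["pin_hash"]):
        return record
    return None

def authorize_withdrawal(record: dict, amount: int) -> bool:
    """Step 3: a verified identity is still limited to its granted rights."""
    remaining = record["daily_limit"] - record["withdrawn_today"]
    return 0 < amount <= remaining

def withdraw(card_id: str, pin: str, amount: int) -> str:
    record = verify_claim(present_credentials(card_id, pin))
    if record is None:
        return "denied: identity not verified"
    if not authorize_withdrawal(record, amount):
        return "denied: not authorized"
    record["withdrawn_today"] += amount
    return "dispensed"
```

A correct PIN with an amount over the remaining limit returns "denied: not authorized", which is the case the last sentence of the ATM example describes.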