Authentication verifies who you are (identity), while authorization determines what you're allowed to do (permissions). They're distinct but related — authentication comes first (prove identity), then authorization (check permissions). Confusing them is a common mistake.
Authentication — who are you?
AUTHENTICATION (AuthN) verifies IDENTITY — confirming you are who you claim to be:
→ login with credentials (password), tokens, biometrics, multi-factor (MFA)
→ "Prove you are Ann" → the system confirms your identity
→ answers: WHO are you?
