What changes after this module
Learn why identity proof, access rules, and least privilege matter more than simply adding another login screen.
Outcome promise
- Explain the difference between authentication and authorisation.
- Describe why least privilege and session control reduce common security failures.
Core model
Use the diagram and terms below as the minimum model you should be able to explain after this module. If you cannot explain the model in plain language, pause here before you move on.
Key terms
- Authentication: Checking who or what is requesting access.
- Authorisation: Deciding what that identity is allowed to do.
Check yourself
Answer the prompt before you reveal the check. If you cannot answer it in your own words, revisit the model and the terms once more.
Quick check
Why is strong login alone not enough for safe access?
Because you still need to control what the identity can reach, how long access lasts, and whether the context still looks safe.
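The answer above names three controls beyond login. As an added example (not part of the course material), this Python sketch runs them as separate checks in one access decision; the role names, action names, the 15-minute limit and the IP-match context check are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed policy: each role holds only the actions it needs (least privilege).
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
}
MAX_SESSION_AGE = 15 * 60  # seconds; assumed session lifetime for this sketch


@dataclass
class Session:
    user: str
    role: str
    authenticated: bool  # outcome of the login step (authentication)
    issued_at: float     # epoch seconds when the session was created
    login_ip: str        # context captured at sign-in


def decide(session, action, now, request_ip):
    """Return (allowed, reason). Every check must pass; the first failure wins."""
    # 1. Authentication: do we know who is asking?
    if not session.authenticated:
        return False, "not authenticated"
    # 2. Session control: how long has this access lasted?
    if now - session.issued_at > MAX_SESSION_AGE:
        return False, "session expired"
    # 3. Context: does the request still match the sign-in context?
    #    (IP equality is a simplified stand-in for richer signals.)
    if request_ip != session.login_ip:
        return False, "context changed, re-authenticate"
    # 4. Authorisation: is this identity allowed to perform this action?
    if action not in ROLE_PERMISSIONS.get(session.role, set()):
        return False, "not authorised"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a viewer who signed in at t=1000 from 192.0.2.10.
    s = Session("dana", "viewer", True, 1000.0, "192.0.2.10")
    for action, now, ip in [
        ("report:read", 1060.0, "192.0.2.10"),
        ("report:write", 1060.0, "192.0.2.10"),
        ("report:read", 2000.0, "192.0.2.10"),
        ("report:read", 1060.0, "198.51.100.7"),
    ]:
        print(action, now, ip, "->", decide(s, action, now, ip))
```

A successful login satisfies only the first check; the other three can still deny the request.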
Reflection and evidence
Keep the evidence small. One honest reflection and one small artefact is enough to show that the learning changed how you describe, check, or design something.
Reflection prompt
Pick one shared system. Where is access broader than it probably needs to be?
Artefact
A simple identity flow note with one privilege reduction or session improvement.
Optional deeper practice
Use the workspace to map one access journey from sign-in to action and mark where you would tighten control.