re: How to improve your npm identity security with 2FA and Tokens VIEW POST

FULL DISCUSSION
 

Isn't it authentication? Not authorization? The user is permitted to do such actions, like changing their profile. BUT they need to authenticate themselves first. Just wondering because 2FA is Two Factor Authentication. And there is Authentication apps, like Google Authenticator. You're using authentication to authorize an action?

Sometimes I have troubles with authentication and authorization, not because the words are very similar but they kinda hold each other's hands.

 
 

Thanks Tari. The lingo of "Authorization-only" and such is as the official npm docs are describing it. See: docs.npmjs.com/about-two-factor-au...

I agree that this is somewhat confusing.

code of conduct - report abuse