DEV Community

Discussion on: How to improve your npm identity security with 2FA and Tokens

Collapse
tarialfaro profile image
Tari R. Alfaro • Edited

Isn't it authentication? Not authorization? The user is permitted to do such actions, like changing their profile. BUT they need to authenticate themselves first. Just wondering because 2FA is Two Factor Authentication. And there is Authentication apps, like Google Authenticator. You're using authentication to authorize an action?

Sometimes I have troubles with authentication and authorization, not because the words are very similar but they kinda hold each other's hands.

Collapse
lirantal profile image
Liran Tal Author

Thanks Tari. The lingo of "Authorization-only" and such is as the official npm docs are describing it. See: docs.npmjs.com/about-two-factor-au...

I agree that this is somewhat confusing.

Collapse
tarialfaro profile image
Tari R. Alfaro

But hey! Thanks for the heads up. Nice article.