re: How to improve your npm identity security with 2FA and Tokens VIEW POST


Isn't it authentication? Not authorization? The user is permitted to do such actions, like changing their profile. BUT they need to authenticate themselves first. Just wondering because 2FA is Two Factor Authentication. And there is Authentication apps, like Google Authenticator. You're using authentication to authorize an action?

Sometimes I have troubles with authentication and authorization, not because the words are very similar but they kinda hold each other's hands.


Thanks Tari. The lingo of "Authorization-only" and such is as the official npm docs are describing it. See: docs.npmjs.com/about-two-factor-au...

I agree that this is somewhat confusing.


But hey! Thanks for the heads up. Nice article.

Code of Conduct Report abuse