In this guest blog post, Ben Woelk, author of our new Cybersecurity for Communicators course, discusses two foundational cybersecurity concepts—authentication and authorisation, and how you can simplify their complexity.

As communicators and technical communicators, you play a key role in translating complex organisational processes into actionable, understandable information. This role is critical in cybersecurity.
Authentication: Proving Your Digital Identity
Authentication is the process of verifying a user’s, device’s, or process’s identity before granting any access.
Think of it as the digital equivalent of showing a passport or ID badge to gain entry to a secure building. It answers the question: “Are you who you claim to be?”
Common authentication methods you may need to explain include:
- Passwords/Passphrases:
  Something you know
  For many years, cybersecurity professionals emphasized the need for complex passwords. Industry guidance has since shifted to favor longer, memorable passphrases over complex, short passwords. For example, “ItwasaDark215&StormyNight” is far stronger than “stormy”. (For a fun demonstration of this, enter both passwords into a password strength checker, such as the one provided by Bitwarden: https://bitwarden.com/password-strength/)
- Multi-Factor Authentication (MFA):
  Something you know + something you have
  Such as a one-time code on a mobile device or a physical security key. You should use MFA on every account where it’s available. MFA isn’t perfect, but it is the single biggest defense against having your password compromised.
- Biometric Authentication:
  Something you are
  Fingerprint, facial recognition, etc.
- Single Sign-On (SSO):
  Using one set of credentials to securely access multiple, different systems, streamlining the user experience.
Tip for Communicators:
When writing instructions or policies, be clear about which authentication method is mandatory and, most importantly: why. Using plain language and real-world analogies helps users immediately grasp the importance of strong security measures.
Authorisation: What You Are Allowed to Do
Authorisation determines precisely what actions a verified user can perform or what information they can access after their identity has been authenticated.
If authentication is showing your ID at the gate, authorisation is the security guard checking the permissions on your ID to see which specific rooms or floors your badge allows you to enter. It answers the question: “What am I permitted to do?”
Key Authorisation Models to understand:
- Role-Based Access Control (RBAC):
  This is a preferred model. Permissions are assigned based on a user’s role within the organisation (for example: Editor, Viewer, Admin).
- Discretionary Access Control (DAC):
  The owner of the resource or file decides who can access it and what they can do.
- Mandatory Access Control (MAC):
  The system strictly enforces access rules based on predefined security labels, often used in highly regulated or sensitive environments.
Tip for Technical Communicators:
When documenting systems or software, clarify who has access to what, and why. Tables, flowcharts, or simple diagrams showing roles and their corresponding permissions are invaluable for clarity and compliance.
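The gate-and-badge distinction above, as an added example that is not part of the original post: a request is first authenticated, then authorised against an RBAC matrix, and the same matrix is rendered as the role/permission table the tip recommends. The role names come from the article; the action names, the account "dana" and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed permission matrix: roles are from the article,
# actions and accounts are illustrative assumptions.
ROLE_PERMISSIONS = {
    "Viewer": {"read"},
    "Editor": {"read", "edit"},
    "Admin": {"read", "edit", "delete"},
}
ACTIONS = ["read", "edit", "delete"]

def _derive(passphrase: str, salt: bytes) -> bytes:
    # Store a slow, salted hash, never the passphrase itself.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def make_user(passphrase: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(passphrase, salt), "role": role}

def authenticate(users: dict, name: str, passphrase: str):
    """Authentication: 'Are you who you claim to be?' Returns the user or None."""
    user = users.get(name)
    if user is None:
        return None
    ok = hmac.compare_digest(_derive(passphrase, user["salt"]), user["hash"])
    return user if ok else None

def authorise(user: dict, action: str) -> bool:
    """Authorisation: 'What am I permitted to do?' Unknown roles get nothing."""
    return action in ROLE_PERMISSIONS.get(user["role"], set())

def handle(users: dict, name: str, passphrase: str, action: str) -> str:
    user = authenticate(users, name, passphrase)
    if user is None:
        return "401 not authenticated"  # identity not proven
    if not authorise(user, action):
        return "403 not authorised"     # identity proven, permission missing
    return "200 ok"

def permission_table() -> str:
    """Render the matrix as a plain-text table for documentation."""
    rows = ["Role   | " + " | ".join(ACTIONS)]
    for role, perms in ROLE_PERMISSIONS.items():
        cells = ["yes" if a in perms else "no" for a in ACTIONS]
        rows.append(f"{role:<6} | " + " | ".join(cells))
    return "\n".join(rows)

USERS = {"dana": make_user("ItwasaDark215&StormyNight", "Editor")}  # constructed
```

A wrong passphrase fails at the first step and never reaches the permission check, while a correct passphrase with a missing permission fails at the second; documenting the two outcomes separately keeps "who you are" and "what you can do" distinct for readers.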
Key Takeaways for Translating Cyber Concepts
- Authentication = Who you are. (Proof of Identity)
- Authorisation = What you can do. (Granted Permissions)
- Always use plain language and universally relatable examples to bridge the gap between cybersecurity experts and end-users.
- Strong authentication and clear authorisation policies are fundamental to protecting users, customers, and organisations across the globe.
Interested in learning more on this growing need? The Firehead Training Academy has a new Cybersecurity for Communicators course by Cybersecurity expert Ben Woelk that can start you on your journey to creating secure communication in the digital age.
Our next cohort starts 14 January and goes once a week on Wednesdays until 18 February.
You can also download our free resource Cybersecurity Checklist for Technical Communicators by Ben Woelk.

