wwc2025 /Cyber for Beginners

Identity & Access Basics

Identity and access control with least privilege

Two key words

  • Authentication: proving who you are (login)
  • Authorization: what you are allowed to do (permissions)

Least privilege

People should have only the access they need to do their job.

Why this matters:

  • Reduces damage from mistakes
  • Reduces damage from stolen accounts

Passwords: the reality

  • People reuse passwords
  • Phishing steals passwords
  • Password managers help a lot

MFA: the practical benefit

MFA makes stolen passwords less useful. It does not automatically stop all phishing.

Activity (10 minutes)

Choose a setting (school, small business, lab).

List 4 roles and the minimum access each needs:

  • Role 1:
  • Role 2:
  • Role 3:
  • Role 4:

Identify one common access that is too broad:

  • Over-granted access:
  • Safer alternative:
← Web Basics (HTTP/S) for Cyber Crypto Mental Models →