Access control is the process of making sure only the right people can access certain information, systems, or physical areas. One important characteristic is identification, in which a user must claim who they are, such as with a username or ID. The second is authentication, which confirms that identity using passwords, PINS, or biometrics. Another key characteristic is authorization, in which determines what a user is allowed to do once they are logged in. Finally, accountability ensures all user actions are tracked through logs and monitoring. There are also threats to access control. One common threat is password attacks, where attackers try to guess or steal login credentials. Another threat is social engineering, tricking users into giving up secure information. Privilege escalation is when an attacker gains higher access than they should. Lastly, insider threats happen when someone within the organization misuse their access on purpose or accidentally.