System Design Card 436 — Authentication and Security / Breakdown
Concern
Security concerns determine access, data exposure, auditability, and abuse surfaces. Sensitive notifications, file storage, and admin tooling all need explicit identity and authorization decisions.
What Breakdown means for this concern
In BASIC, the Breakdown step is where you clarify the product goal, workload shape, and non-functional requirement that will dominate the design. For Authentication and Security, that means the candidate should make this concern visible at the right moment instead of bolting it on at the end.
Design move
A good move is to split the problem before trying to solve it. Tie the concern back to the user flow, the workload, and the dominant trade-off. That keeps the design grounded and makes it easier for the interviewer to follow why a cache, queue, replica, partition, or rate limiter is actually necessary.
Common miss
The miss is leaving auth as a generic box and never saying what is being protected or how. BASIC helps because the staged flow keeps this concern proportional to the prompt and connected to the rest of the architecture.
BASIC prompt
“When I reach the Breakdown stage, how does Authentication and Security change the architecture, the trade-offs, or the review checklist?”