System Design Card 437 — Authentication and Security / Assess
Concern
Security concerns determine access, data exposure, auditability, and abuse surfaces. Sensitive notifications, file storage, and admin tooling all need explicit identity and authorization decisions.
What Assess means for this concern
In BASIC, the Assess step is where you identify the main architectural pressures and choose which trade-offs are actually important. For Authentication and Security, that means the candidate should make this concern visible at the right moment instead of bolting it on at the end.
Design move
A good move is to compare plausible approaches before committing. Tie the concern back to the user flow, the workload, and the dominant trade-off. That keeps the design grounded and makes it easier for the interviewer to follow why a cache, queue, replica, partition, or rate limiter is actually necessary.
Common miss
The miss is leaving auth as a generic box and never saying what is being protected or how. BASIC helps because the staged flow keeps this concern proportional to the prompt and connected to the rest of the architecture.
BASIC prompt
“When I reach the Assess stage, how does Authentication and Security change the architecture, the trade-offs, or the review checklist?”