System Design Card 438 — Authentication and Security / Structure
Concern
Security concerns determine access, data exposure, auditability, and abuse surfaces. Sensitive notifications, file storage, and admin tooling all need explicit identity and authorization decisions.
What Structure means for this concern
In BASIC, the Structure step is where you turn the chosen trade-offs into a clear high-level architecture and request flow. For Authentication and Security, that means the candidate should make this concern visible at the right moment instead of bolting it on at the end.
Design move
A good move is to make the plan visible before full execution. Tie the concern back to the user flow, the workload, and the dominant trade-off. That keeps the design grounded and makes it easier for the interviewer to follow why a cache, queue, replica, partition, or rate limiter is actually necessary.
Common miss
The miss is leaving auth as a generic box and never saying what is being protected or how. BASIC helps because the staged flow keeps this concern proportional to the prompt and connected to the rest of the architecture.
BASIC prompt
“When I reach the Structure stage, how does Authentication and Security change the architecture, the trade-offs, or the review checklist?”