System Design Card 439 — Authentication and Security / Implement
Concern
Security concerns determine access, data exposure, auditability, and abuse surfaces. Sensitive notifications, file storage, and admin tooling all need explicit identity and authorization decisions.
What Implement means for this concern
In BASIC, the Implement step is where you walk the design into existence in a controlled order, deepening the risky parts first. For Authentication and Security, that means the candidate should make this concern visible at the right moment instead of bolting it on at the end.
Design move
A good move is to transcribe the plan instead of improvising. Tie the concern back to the user flow, the workload, and the dominant trade-off. That keeps the design grounded and makes it easier for the interviewer to follow why a cache, queue, replica, partition, or rate limiter is actually necessary.
Common miss
The miss is leaving auth as a generic box and never saying what is being protected or how. BASIC helps because the staged flow keeps this concern proportional to the prompt and connected to the rest of the architecture.
BASIC prompt
“When I reach the Implement stage, how does Authentication and Security change the architecture, the trade-offs, or the review checklist?”