System Design Card 440 — Authentication and Security / Check
Concern
Security concerns determine access, data exposure, auditability, and abuse surfaces. Sensitive notifications, file storage, and admin tooling all need explicit identity and authorization decisions.
What Check means for this concern
In BASIC, the Check step is where you review the design for bottlenecks, failure modes, security gaps, observability, and cost. For Authentication and Security, that means the candidate should make this concern visible at the right moment instead of bolting it on at the end.
Design move
A good move is to review and stress-test before you hand the answer over. Tie the concern back to the user flow, the workload, and the dominant trade-off. That keeps the design grounded and makes it easier for the interviewer to follow why a cache, queue, replica, partition, or rate limiter is actually necessary.
Common miss
The miss is leaving auth as a generic box and never saying what is being protected or how. BASIC helps because the staged flow keeps this concern proportional to the prompt and connected to the rest of the architecture.
BASIC prompt
“When I reach the Check stage, how does Authentication and Security change the architecture, the trade-offs, or the review checklist?”