Authentication is the process of identifying who the user is, whereas authorization is the process of verifying what the authenticated user has access to. The most common way of achieving authentication is by asking users to specify their username and password that can then be validated against the backend database of user credentials.
The passwords should never be stored in plaintext in the backend database. It is recommended to compute a one-way hash of the password and store that instead. To reset the password, the system can just generate a random password, store its hash, and share the random password in plaintext with the user. Alternatively, a unique URL can be sent to the user to reset the password through a form that can validate a user's identity via methods such as preset questions and answers and one-time password (OTP).
Authenticating the users is not enough for an application if the application has multiple security boundaries. For example...