Validation and authentication are essential concepts for producing robust, secure programs. Validation ensures that data is reasonable and sensible before it is processed, while authentication verifies the identity of a user. Both are required for GCSE Computer Science (AQA 3.2 / OCR J277 2.2).
Validation is a check performed by a program to ensure that data entered by a user is reasonable, sensible, and within expected bounds. Validation does NOT check whether data is correct — it checks whether it is plausible.
Key Distinction: Validation checks if data is reasonable; verification checks if data is accurate (e.g. asking the user to type their email twice). Know the difference for the exam.
| Validation Type | What It Checks | Example |
|---|---|---|
| Range check | Value falls within a specified range | Age must be between 0 and 120 |
| Type check | Data is the correct data type | Age must be an integer, not text |
| Length check | Data has the correct number of characters | Password must be at least 8 characters |
| Presence check | Data has been entered (field is not empty) | Name field cannot be left blank |
| Format check | Data matches a required pattern | Email must contain @ and a domain |
| Lookup check | Data matches a value in a predefined list | Title must be Mr, Mrs, Miss, Ms, or Dr |
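```python
# Range check: keep asking until the value is between 0 and 120.
# int() raises ValueError on non-numeric input, so a type check is also needed.
while True:
    age = int(input("Enter your age (0-120): "))
    if 0 <= age <= 120:
        break
    print("Invalid. Age must be between 0 and 120.")
```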
In pseudocode:
```
REPEAT
    OUTPUT "Enter your age (0-120):"
    age ← INT(USERINPUT)
UNTIL age >= 0 AND age <= 120
```
```python
# Length check: the password must be 8 to 20 characters long.
while True:
    password = input("Enter a password (8-20 characters): ")
    if 8 <= len(password) <= 20:
        break
    print("Invalid. Password must be 8-20 characters long.")
```
```python
# Presence check: the field must not be left empty.
while True:
    name = input("Enter your name: ")
    if len(name) > 0:
        break
    print("Name cannot be empty.")
```
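```python
# Type check: only convert the input once it is known to be a whole number.
# isdecimal() accepts only characters that int() can convert; isdigit() also
# accepts characters such as "²", which make int() raise ValueError.
while True:
    user_input = input("Enter a whole number: ")
    if user_input.isdecimal():
        number = int(user_input)
        break
    print("Invalid. Please enter a whole number.")
```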
```python
# Lookup check: the value must appear in a predefined list.
valid_titles = ["Mr", "Mrs", "Miss", "Ms", "Dr"]
while True:
    title = input("Enter your title (Mr/Mrs/Miss/Ms/Dr): ")
    if title in valid_titles:
        break
    print("Invalid title. Please try again.")
```
```python
# Format check: the email must contain "@" and ".".
while True:
    email = input("Enter your email: ")
    if "@" in email and "." in email:
        break
    print("Invalid email format.")
```
In real programs, you often combine several validation checks:
```python
def get_valid_password():
    while True:
        password = input("Create a password: ")
        if len(password) < 8:
            print("Too short — minimum 8 characters.")
        elif not any(c.isupper() for c in password):
            print("Must contain at least one uppercase letter.")
        elif not any(c.isdigit() for c in password):
            print("Must contain at least one digit.")
        else:
            return password
```
Authentication is the process of verifying a user's identity — confirming they are who they claim to be. The most common method is a username and password system.
```
stored_username ← "admin"
stored_password ← "Pass1234"
attempts ← 0
authenticated ← False
WHILE attempts < 3 AND authenticated = False
    OUTPUT "Enter username:"
    username ← USERINPUT
    OUTPUT "Enter password:"
    password ← USERINPUT
    IF username = stored_username AND password = stored_password THEN
        authenticated ← True
        OUTPUT "Login successful."
    ELSE
        attempts ← attempts + 1
        OUTPUT "Incorrect. Attempts remaining: ", 3 - attempts
    ENDIF
ENDWHILE
IF authenticated = False THEN
    OUTPUT "Account locked."
ENDIF
```
```python
stored_username = "admin"
stored_password = "Pass1234"
attempts = 0
authenticated = False
while attempts < 3 and not authenticated:
    username = input("Enter username: ")
    password = input("Enter password: ")
    if username == stored_username and password == stored_password:
        authenticated = True
        print("Login successful.")
    else:
        attempts += 1
        print(f"Incorrect. Attempts remaining: {3 - attempts}")
if not authenticated:
    print("Account locked.")
```
```mermaid
flowchart TD
    A[Start login] --> B[Prompt username and password]
    B --> C{Credentials match?}
    C -->|Yes| D[Set authenticated = True]
    D --> E[Grant access]
    C -->|No| F[Increment attempts]
    F --> G{Attempts less than 3?}
    G -->|Yes| B
    G -->|No| H[Lock account]
```
| Practice | Reason |
|---|---|
| Limit login attempts | Prevents brute-force attacks |
| Don't reveal which field is wrong | Saying "username or password incorrect" is safer than "password incorrect" |
| Hash passwords | Store a hash of the password, not the password itself (Higher Tier) |
| Use strong password rules | Require length, mixed case, digits, and symbols |
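The practices in the table above, applied to the login routine, as an added example that is not part of the original lesson: the password is stored as a salted PBKDF2 hash, the error message does not say which field was wrong, and attempts are capped at three. The names `USERS`, `DUMMY`, `check_credentials` and `login`, and the iteration count, are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3
ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

# Constructed sample store: username -> (salt, digest). No plaintext is kept.
USERS = {"admin": hash_password("Pass1234")}
# Dummy record so an unknown username costs the same hashing work as a known one.
DUMMY = hash_password("not-a-real-password")

def check_credentials(username, password):
    salt, stored = USERS.get(username, DUMMY)
    _, candidate = hash_password(password, salt)
    # compare_digest takes the same time wherever the first difference is.
    match = hmac.compare_digest(candidate, stored)
    return match and username in USERS

def login(attempt_list):
    """Process (username, password) pairs in order; return (authenticated, messages)."""
    messages = []
    failures = 0
    for username, password in attempt_list:
        if failures >= MAX_ATTEMPTS:
            break  # locked: later attempts are not even checked
        if check_credentials(username, password):
            messages.append("Login successful.")
            return True, messages
        failures += 1
        # Same wording whether the username or the password was wrong.
        messages.append("Username or password incorrect. "
                        f"Attempts remaining: {MAX_ATTEMPTS - failures}")
    if failures >= MAX_ATTEMPTS:
        messages.append("Account locked.")
    return False, messages
```
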
| Concept | Purpose | Example |
|---|---|---|
| Validation | Checks data is reasonable | Age must be 0–120 |
| Verification | Checks data is accurate | "Re-enter your email" |
| Authentication | Confirms user identity | Username + password login |
Exam Tip: These three terms are frequently confused. Learn the precise definitions — examiners will penalise you for mixing them up.
Wrapping validation in a subroutine makes it reusable.
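One way to wrap the presence, type and range checks from earlier in the lesson into a single reusable subroutine, as an added example that is not part of the original lesson. The function name `read_int_in_range`, the `read` parameter (which lets the routine be tested without a keyboard), the retry limit and the `scripted` helper are assumptions made for this sketch.

```python
def read_int_in_range(prompt, low, high, read=input, max_tries=3):
    """Ask for a whole number between low and high (inclusive).

    Returns the validated integer, or None after max_tries invalid entries,
    so the caller decides what to do when the user never gives valid data.
    """
    for _ in range(max_tries):
        text = read(prompt).strip()
        if text == "":                       # presence check
            print("Nothing entered.")
            continue
        try:                                 # type check
            value = int(text)
        except ValueError:
            print("Invalid. Please enter a whole number.")
            continue
        if low <= value <= high:             # range check
            return value
        print(f"Invalid. Must be between {low} and {high}.")
    return None


def scripted(answers):
    """Constructed stand-in for input(): returns the given answers one by one."""
    remaining = iter(answers)
    return lambda prompt: next(remaining)


if __name__ == "__main__":
    # The same subroutine reused for two different fields.
    age = read_int_in_range("Enter your age (0-120): ", 0, 120)
    month = read_int_in_range("Enter a month (1-12): ", 1, 12)
    print(age, month)
```
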