
Authentication, access control

Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.

MUL - ZER

  • multifactor authentication (MFA) - Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
  • multifactor token - Multifactor tokens are security tokens that use more than one category of credential to confirm user authentication.
  • multisig (multisignature) - Multisig, also referred to as multi-signature, describes the requirement of obtaining two or more signatures to authorize or execute a transaction.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally-embedded information, that someone is required or encouraged to carry as a means of confirming their identity.
  • OAuth - OAuth (Open Authorization) is an open protocol for token-based authentication and authorization on the Internet.
  • one-time password (OTP) - A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
  • one-time password token (OTP token) - A one-time password token (OTP token) is a security hardware device or software program that is capable of producing a single-use password or PIN passcode.
  • OneID - OneID is a digital identity management service that provides a repository for usernames and passwords, eliminating the need for people to remember numerous arcane character sequences.
  • open redirect - Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • OpenID (OpenID Connect) - OpenID is an open specification for authentication and single sign-on.
  • orphan account - An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.
  • out-of-band authentication - Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.
  • palm print recognition - Palm print recognition is a biometric authentication method based on the unique patterns of various characteristics in the palms of people’s hands.
  • palm vein recognition - Palm vein recognition is a biometric authentication method based on the unique patterns of veins in the palms of people’s hands.
  • pass the hash attack - A pass the hash attack is an NT LAN Manager (NTLM)-based technique in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick a Windows-based authentication system into creating a new authenticated session on the same network.
  • password - A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user.
  • password blacklist - A password blacklist is a list of words disallowed as user passwords due to their commonplace use.
  • password cracker - A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources.
  • password entropy - Password entropy is a measurement of how unpredictable a password is.
  • password strength meter - A password strength meter is an indicator, either in graphical or text form, of the strength of a password as entered by a user.
  • password synchronization - Password synchronization is an authentication process that coordinates user passwords across various computers and computing devices so a user only has to remember a single password instead of multiple passwords for different machines or devices.
  • PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • perfect forward secrecy (PFS) - Perfect Forward Secrecy (PFS), also known as Forward Secrecy, is an encryption style known for producing temporary private key exchanges between clients and servers.
  • personal identity verification (PIV) card - A personal identity verification (PIV) card is a United States Federal smart card that contains the necessary data for the cardholder to be granted access to Federal facilities and information systems and assure appropriate levels of security for all applicable Federal applications.
  • physiognomy - Physiognomy is a pseudoscience based on associating personal characteristics and traits with physical differences, and especially with elements of people's faces.
  • PIN lock - The PIN lock is an authentication measure for mobile phones that requires the entry of a personal identification number (PIN) code before a device can be used.
  • possession factor - The possession factor, in a security context, is a category of user authentication credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.
  • private CA (private PKI) - Private CA stands for private certification authority and is an enterprise specific CA that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
  • privilege bracketing - Privilege bracketing is the practice of limiting temporarily increased permission levels to the briefest possible time period.
  • privilege creep - Privilege creep is the gradual accumulation of access rights beyond what an individual needs to do his job.
  • privileged access management (PAM) - Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
  • pseudo-anonymity - Pseudo-anonymity is the appearance – but not the reality – of anonymity online.
  • pseudonymity - Pseudonymity is the near-anonymous state in which a user has a consistent identifier that is not their real name: a pseudonym.
  • rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
  • RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
  • Real ID - Real ID is a driver's license that complies with standards mandated by the United States Real ID Act of 2005.
  • real-time location system (RTLS) - A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position and location of a target.
  • Remote Access server role - Remote Access is a server role in Microsoft Windows Server 2012 and Windows Server 2012 R2 and offers administrators a central point for administering, configuring and monitoring factors related to network access.
  • remote deposit capture (RDC) - Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection.
  • remote keyless entry (RKE) - Remote keyless entry (RKE) is an electronic access system that can be controlled from a distance.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit.
  • retina scan - Retina scanning is a biometric verification technology that uses an image of an individual’s retinal blood vessel pattern as a unique identifying trait for access to secure installations.
  • risk-based authentication (RBA) - Risk-based authentication (RBA) is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised.
  • RODC (read-only domain controller) - A read-only domain controller (RODC) is a domain controller that hosts an Active Directory database's read-only partitions.
  • role mining - Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise.
  • rolling code - Rolling code, also known as hopping code, is an encryption technique commonly used to provide a fresh code for each use of a passive keyless entry (PKE) system.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs.
  • self-sovereign identity - Self-sovereign identity (SSI) is a model for managing digital identities in which an individual or business has sole ownership over the ability to control their accounts and personal data.
  • selfie pay authentication - Selfie pay is a form of biometric authentication for financial transactions that confirms a person's identity by using facial recognition technology.
  • session replay script - A session replay script is a program that enables the recording of website users’ keystrokes, clicks, mouse movements and scrolling behavior, along with the full contents of the pages they visit, and sends them to third-party servers.
  • shadow password file - In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • shared secret - A shared secret is data known to only the two entities involved in a communication so that either party's possession of that data can be provided as proof of identity for authentication.
  • signature analysis - Signature analysis has two meanings.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.
  • single-factor token - A single-factor token is a small hardware device that produces one confirming credential for user authentication; the devices may be used in conjunction with other types of credentials for multifactor authentication.
  • smart label - A smart label is a slip of paper, plastic or other material on a product that contains an RFID tag in addition to bar code data.
  • social login - Social login is a single sign-on (SSO) that allows users to authenticate themselves on various applications and sites by connecting through a social networking site rather than typing a separate ID and password on each website.
  • soft token - A soft token is a software-based security token that generates a single-use login PIN.
  • software-defined perimeter (SDP) - Software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance (CSA) that controls access to resources based on identity.
  • strong authentication - Although it is not a standardized term with set criteria, strong authentication can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter.
  • strong password - A strong password is one that is designed to be hard for a person or program to discover.
  • tailgating (piggybacking) - Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.
  • TAN (transaction authentication number) - A transaction authentication number (TAN) is a type of single-use password used for an online banking transaction in conjunction with a standard ID and password.
  • threat ignorance - Threat ignorance is a concept used by security professionals to determine the level of vulnerability a company or user’s computer or system has to an attack.
  • three-factor authentication (3FA) - Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors – typically, the knowledge, possession and inherence categories.
  • time-based one-time password (TOTP) - A time-based one-time password (TOTP) is a temporary code, generated by an algorithm, for use in authenticating access to computer systems.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • two-factor authentication (2FA) - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access.
  • two-step verification - Two-step verification requires the sequential use of two authentication methods to verify that someone or something is who or what they are declared to be.
  • UK Identity Cards Act - The UK Identity Cards Act is a framework of enabling legislation for a British National Identity card passed in 2006.
  • unique identifier (UID) - A unique identifier (UID) is a numeric or alphanumeric string that is associated with a single entity within a given system.
  • Universal 2nd Factor (U2F) - Universal 2nd Factor (U2F) is a type of physical authentication device that uses encryption and private keys to protect and unlock supported accounts.
  • universal authentication - Universal authentication is a network identity-verification method that allows users to move from site to site securely without having to enter identifying information multiple times.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • user authentication - User authentication is the verification of an active human-to-machine transfer of credentials required for confirmation of a user’s authenticity; the term contrasts with machine authentication, which involves automated processes that do not require user input.
  • voice activation detection (VAD) - In Voice over IP (VoIP), voice activation detection (VAD) is a software application that allows a data network carrying voice traffic over the Internet to detect the absence of audio and conserve bandwidth by preventing the transmission of "silent packets" over the network.
  • voice authentication - Voice authentication is a biometric method of speaker recognition based on measuring the distinctions in individual voices to uniquely identify users.
  • voice ID (voice authentication) - Voice ID (sometimes called voice authentication) is a type of user authentication that uses voiceprint biometrics. Voice ID relies on the fact that vocal characteristics, like fingerprints and the patterns of people's irises, are unique for each individual.
  • voice recognition (speaker recognition) - Voice or speaker recognition is the ability of a machine or program to receive and interpret dictation or to understand and carry out spoken commands.
  • voice signature - A voice signature is a type of electronic signature that uses an individual’s recorded verbal agreement in place of a handwritten signature.
  • voiceprint - A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual.
  • VOIPSA (Voice over IP Security Alliance) - VOIPSA (Voice over IP Security Alliance) is a cross-industry coalition of individuals and organizations from the security and VoIP communications sectors.
  • Weave - Weave is a set of browser enhancements and associated services from Mozilla Labs that allow users to store personal information on Mozilla servers.
  • website security question - An internet security question is a backup measure used to authenticate the user of a website or an application in the event that they have forgotten their user name and/or password.
  • wiretap Trojan - A wiretap Trojan is a program that surreptitiously records VoIP calls.
  • YubiKey - YubiKey is an authentication device that allows users to securely log into their email, online services, computers and applications using one-time passwords, static passwords or FIDO-based public and private key pairs.
  • zero-trust model (zero trust network) - The zero trust model is a security model used by IT professionals that requires strict identity and device verification regardless of the user’s location in relation to the network perimeter.
