Authentication and access control

Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.
  • Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, authenticate messages with digital signatures and encrypt stored files.
  • principle of least privilege (POLP) - The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs.
  • private CA (private PKI) - A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA.
  • privilege creep - Privilege creep is the gradual accumulation of access rights beyond what individuals need to do their job.
  • privileged access management (PAM) - Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization's critical information and resources.
  • privileged identity management (PIM) - Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an organization's IT environments.
  • Protected Extensible Authentication Protocol (PEAP) - Protected Extensible Authentication Protocol (PEAP) is a security protocol commonly used to protect wireless networks.
  • public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • quantum cryptography - Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.
  • RADIUS (Remote Authentication Dial-In User Service) - RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
  • rainbow table - A rainbow table is a password hacking tool that uses a precomputed table of reversed password hashes to crack passwords in a database.
  • RAT (remote access Trojan) - A RAT (remote access Trojan) is malware an attacker uses to gain full administrative privileges and remote control of a target computer.
  • Real ID - Real ID is a driver's license that complies with standards mandated by the United States Real ID Act of 2005.
  • real-time location system (RTLS) - A real-time location system (RTLS) is one of a number of technologies used to pinpoint the current geographic position of a target.
  • Report on Compliance (ROC) - A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.
  • retina scan - Retina scanning is a biometric authentication technology that uses an image of an individual's retinal blood vessel pattern as a unique identifying trait for access to secure installations.
  • reverse brute-force attack - A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.
  • risk-based authentication (RBA) - Risk-based authentication (RBA) is an authentication method in which varying levels of stringency are applied to a system’s authentication process based on the likelihood that access to that system could result in its compromise.
  • role mining - Role mining is the process of analyzing user-to-resource mapping data to determine or modify user permissions for role-based access control (RBAC) in an enterprise.
  • Security Accounts Manager - The Security Accounts Manager (SAM) is a database file in the Microsoft Windows operating system that contains usernames and passwords.
  • Security Assertion Markup Language (SAML) - Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems.
  • security awareness training - Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • self-sovereign identity - Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • Shared Key Authentication (SKA) - Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • soft token - A soft token is a software-based security token that generates a single-use login personal identification number (PIN).
  • software-defined perimeter (SDP) - A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources.
  • SPML (Services Provisioning Markup Language) - Services Provisioning Markup Language (SPML) is an open source XML-based standard that facilitates the exchange of account provisioning information among applications, services and organizations.
  • strong authentication - Strong authentication is not a standardized term with set criteria, but it can be said to be any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects by withstanding any attacks it is likely to encounter.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • three-factor authentication (3FA) - Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories.
  • time-based one-time password - A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Transport Layer Security (TLS) - Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
  • two-step verification - Two-step verification is a process that involves two authentication steps performed one after the other to verify that someone or something requesting access is who or what they say they are.
  • Universal 2nd Factor (U2F) - Universal 2nd Factor (U2F) is a type of physical authentication device that uses encryption and private keys to protect and unlock supported accounts.
  • user account provisioning - User account provisioning is a business process for creating and managing access to resources in an information technology (IT) system.
  • user authentication - User authentication verifies the identity of a user attempting to gain access to a network or computing resource through a human-to-machine transfer of credentials during interactions on a network.
  • WebAuthn API - The Web Authentication API (WebAuthn API) is a credential management application program interface (API) that lets web applications authenticate users without storing their passwords on servers.
  • What is a cloud access security broker (CASB)? - A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
  • What is a Consensus Algorithm? - A consensus algorithm is a process in computer science used to achieve agreement on a single data value among distributed processes or systems.
  • What is a unique identifier (UID)? - A unique identifier (UID) is a numeric or alphanumeric string that is associated with a single entity within a given system.
  • What is access control? - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is identity and access management? Guide to IAM - Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
  • What is identity governance and administration (IGA)? - Identity governance and administration (IGA) is the collection of processes and practices used to manage user digital identities and their access throughout the enterprise.
  • What is information rights management (IRM)? - Information rights management (IRM) is a discipline that involves managing, controlling and securing content from unwanted access.
  • What is LDAP (Lightweight Directory Access Protocol)? - LDAP (Lightweight Directory Access Protocol) is a software protocol used for locating data about organizations, individuals and other resources, such as files and devices, on public and corporate networks.
  • What is passive keyless entry (PKE)? - Passive keyless entry (PKE) is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and locking it when the user walks away or touches the car on exit.
  • What is SSH (Secure Shell) and How Does It Work? - SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network.
  • What is tailgating (piggybacking)? - Tailgating, sometimes referred to as piggybacking, is a type of physical security breach in which an unauthorized person follows an authorized individual to enter secured premises while avoiding detection by an electronic or human access control (or alarm) system.
  • What is the zero-trust security model? - The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they need to do their jobs.
  • What is two-factor authentication (2FA)? - Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.
  • What is voice recognition and how does it work? - Voice or speaker recognition is the ability of a machine or program to receive and interpret dictation or to understand and perform spoken commands.
  • WLAN Authentication and Privacy Infrastructure (WAPI) - WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government.
  • XACML (Extensible Access Control Markup Language) - XACML (Extensible Access Control Markup Language) is an XML-based attribute-based access control (ABAC) policy language designed to express security policies and access requests to information.
  • YubiKey - YubiKey is a security token that enables users to add a second authentication factor to online services from tier 1 vendor partners, including Google, Amazon, Microsoft and Salesforce.