Browse Definitions :

Authentication and access control

Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.

ACC - MUL

  • acceptable use policy (AUP) - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.
  • access control - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • access control list (ACL) - An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.
  • access governance (AG) - Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts.
  • active attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
  • Active Directory Domain Services (AD DS) - Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database.
  • Active Directory Federation Services (AD FS) - Active Directory Federation Services (AD FS) is a feature of the Windows Server operating system (OS) that extends end users' single sign-on (SSO) access to applications and systems outside the corporate firewall.
  • Active Directory functional levels - Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain.
  • active man-in-the-middle attack (MitM) - Active man-in-the-middle (MitM) is an attack method that allows an intruder to access sensitive information by intercepting and altering communications between the user of a public network and a requested website.
  • Amazon Cognito - Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices.
  • authentication - Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.
  • authentication factor - An authentication factor is a category of credential used for identity verification.
  • authentication server - An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.
  • authentication ticket or ticket-granting ticket (TGT) - An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process.
  • authentication, authorization, and accounting (AAA) - Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
  • Automatic Identification and Data Capture (AIDC) - Automatic Identification and Data Capture (AIDC) is a broad set of technologies used to collect information from an object, image or sound without manual data entry.
  • behavioral biometrics - Behavioral biometrics are based on human activity such as typing patterns.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • biometric verification - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • biometrics - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • brute-force attack - A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
  • BYOI (bring your own identity) - BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password is managed by a third party such as Facebook, Twitter, LinkedIn, Google+ or Amazon.
  • CA Privileged Access Manager - CA Privileged Access Manager is a product, available as a rack-mounted hardware appliance or a virtual appliance, that tracks and secures the usage of logins involving access to administrative control or sensitive information.
  • card dipping (EMV card dipping) - Dipping can be contrasted with swiping.
  • channel partner portal - A channel partner portal is a web-based application that provides a vendor's established partners (usually distributors, resellers, service providers or other strategic partners) with access to deal registration, marketing resources, pricing and sales information for products and services, as well as technical details and support that are unavailable to other end users.
  • CHAP (Challenge-Handshake Authentication Protocol) - CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.
  • claims-based identity - Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • cloud workload protection (cloud workload security) - Cloud workload protection is a process of safeguarding workloads spread out across multiple cloud environments.
  • common access card (CAC) - A common access card (CAC) is a Unites States Department of Defense (DoD) smart card for multifactor authentication.
  • connection broker - In desktop virtualization, a connection broker is a software program that allows the end-user to connect to an available desktop.
  • Consensus Algorithm - A consensus algorithm is a process in computer science used to achieve agreement on a single data value among distributed processes or systems.
  • continuous authentication - Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.
  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.
  • credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
  • credential theft - Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business.
  • cryptogram - A cryptogram is a word puzzle featuring encrypted text that the user decrypts to reveal a message of some sort.
  • deprovisioning - Deprovisioning is the process of removing access to a system from an end user who will no longer be utilizing that system.
  • digest authentication - Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller.
  • digital identity - A digital identity is the body of information about an individual, organization or electronic device that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • disposable email - What is a disposable email?Disposable email is a service that allows a registered user to receive email at a temporary address that expires after a certain time period elapses.
  • Duo Security - Duo Security is a vendor of cloud-based two-factor authentication products.
  • dynamic multipoint VPN (DMVPN) - A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites/routers without passing traffic through an organization's virtual private network (VPN) server or router located at its headquarters.
  • e-signature - An e-signature (electronic signature) is a digital version of a traditional pen and ink signature.
  • EMV card - An EMV card is a credit or debit card with an embedded computer chip and associated technology designed to enable secure payment at compatible point of sale (POS) terminals; EMV stands for Europay, Mastercard and Visa, the three companies responsible for the standard.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • endpoint authentication (device authentication) - Endpoint authentication is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
  • enhanced driver's license (EDL) - An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • EV SSL certificate (Extended Validation SSL certificate) - An EV SSL certificate (Extended Validation SSL certificate) is a digital identity authentication solution used by HTTPS websites to provide the highest level of security by verifying the identity of a website owner or operator.
  • Extensible Authentication Protocol (EAP) - The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.
  • facial recognition - Facial recognition is a category of biometric software that maps an individual's facial features mathematically and stores the data as a faceprint.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FIDO (Fast Identity Online) - FIDO (Fast ID Online) is a set of technology-agnostic security specifications for strong authentication.
  • finger vein ID - Finger vein ID is a biometric authentication system that matches the vascular pattern in an individual's finger to previously obtained data.
  • Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.
  • four-factor authentication (4FA) - Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.
  • fraud detection - Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.
  • full-disk encryption (FDE) - What is full-disk encryption (FDE)?Full-disk encryption (FDE) is encryption at the hardware level.
  • Google Authenticator - Google Authenticator is a security application used to verify user identities before granting access to websites and services.
  • grid authentication - Grid authentication is a method of ensuring that an end user is who he claims to be by requiring him to enter values from specific cells in a grid whose content should be only accessible to him and the service provider.
  • gummy bear hack - A gummy bear hack is an attempt to fool a biometric fingerprint scanner by using a gelatin-based candy to hold a fingerprint.
  • hardware security module (HSM) - A hardware security module (HSM) is a physical device that provides extra security for sensitive data.
  • Hash-based Message Authentication Code (HMAC) - Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function.
  • Honey Encryption - Honey Encryption is a security tool that makes it difficult for an attacker who is carrying out a brute force attack to know if he has correctly guessed a password or encryption key.
  • identity as a Service (IDaaS) - Identity as a Service (IDaaS) is an authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • identity management (ID management) - Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.
  • identity provider - An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • inherence factor - The inherence factor, in a security context, is a category of user authentication credentials consisting of elements that are integral to the individual in question, in the form of biometric data.
  • initialization vector (IV) - An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.
  • invocation ID - An invocation ID is an ID number that identifies databases within Active Directory and changes as AD is in a restore process.
  • iris recognition - Iris recognition is a method of identifying people based on unique patterns within the ring-shaped region surrounding the pupil of the eye.
  • ISO/IEC 38500 - ISO/IEC 38500 is an international standard created to guide corporate governance of information technology (IT).
  • Java Authentication and Authorization Service (JAAS) - The Java Authentication and Authorization Service (JAAS) is a set of application program interfaces (APIs) that can determine the identity of a user or computer attempting to run Java code, and ensure that the entity has the privilege or permission to execute the functions requested.
  • John the Ripper - John the Ripper is a popular free password cracking tool that combines several different cracking programs and runs in both brute force and dictionary attack modes.
  • Just Enough Administration (JEA) - Just Enough Administration (JEA) is a PowerShell toolkit designed to help an organization reduce risk by restricting IT administrative rights.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • key-value pair (KVP) - A key-value pair (KVP) is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data.
  • keystroke dynamics - Keystroke dynamics are the patterns of rhythm and timing created when a person types.
  • knowledge factor - The knowledge factor, in a security context, is a category of authentication credentials consisting of information that the user possesses, such as a personal identification number (PIN), a user name, a password or the answer to a secret question.
  • LDAP injection - LDAP (Lightweight Directory Access Protocol) injection is a type of security exploit that is used to compromise the authentication process used by some websites.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • machine authentication - Machine authentication is the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.
  • man-in-the-disk (MITD) attack - Man-in-the-disk (MITD) is an attack vector that allows an intruder to intercept and potentially alter data as it moves between Android external storage and an installed app.
  • man-in-the-middle attack (MitM) - A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • mandatory access control (MAC) - Mandatory access control (MAC) is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.
  • Massachusetts data protection law - What is the Massachusetts data protection law?The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • message authentication code (MAC) - A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
  • micropayment - A micropayment is an e-commerce transaction involving a very small sum of money in exchange for something made available online, such as an application download, a service or Web-based content.
  • Microsoft Group Policy administrative template - A Microsoft Group Policy administrative template is a file that supports the implementation of Microsoft Windows Group Policy and centralized user and machine management in Active Directory environments.
  • Microsoft Network Access Protection (NAP) - Network access protection (NAP), introduced with Windows Server 2008, is Microsoft’s approach to controlling access to a network based on a determination of each device’s health.
  • Microsoft Network Device Enrollment Service (NDES) - Microsoft Network Device Enrollment Service (NDES) is a security feature in Windows Server 2008 R2 and later Windows Server operating versions.
  • Microsoft Windows Azure Active Directory (Windows Azure AD) - Microsoft Windows Azure Active Directory (Windows Azure AD or Azure AD) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges.
  • Microsoft Windows Hello - Microsoft Windows Hello is a biometric identity and access control feature that supports fingerprint scanners, iris scanners and facial recognition technology on compatible devices running Windows.
  • mimikatz - Mimikatz is an open source malware program used by hackers and penetration testers to gather credentials on Windows computers.
  • mobile authentication - Mobile authentication is the verification of a user’s identity through the use a mobile device and one or more authentication methods for secure access.
SearchNetworking
  • network packet

    A network packet is a basic unit of data that's grouped together and transferred over a computer network, typically a ...

  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

SearchSecurity
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)

    The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet ...

  • data breach

    A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an...

  • insider threat

    An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.

SearchCIO
  • data privacy (information privacy)

    Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, ...

  • leadership skills

    Leadership skills are the strengths and abilities individuals demonstrate that help to oversee processes, guide initiatives and ...

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are ...

SearchHRSoftware
SearchCustomerExperience
  • recommerce

    Recommerce is the selling of previously owned items through online marketplaces to buyers who reuse, recycle or resell them.

  • implementation

    Implementation is the execution or practice of a plan, a method or any design, idea, model, specification, standard or policy for...

  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

Close