Authentication and access control

Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.

ACC - PAS

  • acceptable use policy (AUP) - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.
  • access control - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • access control list (ACL) - An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.
  • active attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
  • Active Directory Domain Services (AD DS) - Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database.
  • Active Directory Federation Services (AD FS) - Active Directory Federation Services (AD FS) is a feature of the Windows Server operating system (OS) that extends end users' single sign-on (SSO) access to applications and systems outside the corporate firewall.
  • Active Directory functional levels - Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain.
  • Amazon Cognito - Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices.
  • authentication - Authentication is the process of determining whether someone or something is, in fact, who or what it says it is.
  • authentication factor - An authentication factor is a category of credential used for identity verification.
  • authentication server - An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.
  • authentication, authorization, and accounting (AAA) - Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
  • Automatic Identification and Data Capture (AIDC) - Automatic Identification and Data Capture (AIDC) is a broad set of technologies used to collect information from an object, image or sound without manual data entry.
  • behavioral biometrics - Behavioral biometrics are based on human activity such as typing patterns.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication based on physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • biometric verification - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • biometrics - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • brute-force attack - A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
  • BYOI (bring your own identity) - BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party such as Facebook, Twitter, LinkedIn, Google+ or Amazon.
  • card dipping (EMV card dipping) - Dipping can be contrasted with swiping.
  • channel partner portal - A channel partner portal is a web-based application that provides a vendor's established partners (usually distributors, resellers, service providers or other strategic partners) with access to deal registration, marketing resources, pricing and sales information for products and services, as well as technical details and support that are unavailable to other end users.
  • CHAP (Challenge-Handshake Authentication Protocol) - CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.
  • claims-based identity - Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • cloud workload protection (cloud workload security) - Cloud workload protection is a process of safeguarding workloads spread out across multiple cloud environments.
  • common access card (CAC) - A common access card (CAC) is a United States Department of Defense (DoD) smart card for multifactor authentication.
  • Consensus Algorithm - A consensus algorithm is a process in computer science used to achieve agreement on a single data value among distributed processes or systems.
  • continuous authentication - Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.
  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.
  • credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
  • credential theft - Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business.
  • cryptogram - A cryptogram is a word puzzle featuring encrypted text that the user decrypts to reveal a message of some sort.
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • default password - A default password is a standard preconfigured password for a device or software.
  • deprovisioning - Deprovisioning is the process of removing access to a system from an end user who will no longer be utilizing that system.
  • digital identity - A digital identity is the body of information about an individual, organization or electronic device that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • disposable email - Disposable email is a service that allows a registered user to receive email at a temporary address that expires after a certain time period elapses.
  • Duo Security - Duo Security is a vendor of cloud-based two-factor authentication products.
  • dynamic multipoint VPN (DMVPN) - A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites/routers without passing traffic through an organization's virtual private network (VPN) server or router located at its headquarters.
  • e-signature - An e-signature (electronic signature) is a digital version of a traditional pen and ink signature.
  • EMV card - An EMV card is a credit or debit card with an embedded computer chip and associated technology designed to enable secure payment at compatible point of sale (POS) terminals; EMV stands for Europay, Mastercard and Visa, the three companies responsible for the standard.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • endpoint authentication (device authentication) - Endpoint authentication is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
  • enhanced driver's license (EDL) - An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data.
  • enterprise risk management (ERM) - Enterprise risk management is the process of planning, organizing, directing and controlling the activities of an organization to minimize the deleterious effects of risk on its capital and earnings.
  • Extensible Authentication Protocol (EAP) - The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.
  • facial recognition - Facial recognition is a category of biometric software that maps an individual's facial features mathematically and stores the data as a faceprint.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FIDO (Fast Identity Online) - FIDO (Fast ID Online) is a set of technology-agnostic security specifications for strong authentication.
  • four-factor authentication (4FA) - Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.
  • fraud detection - Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive.
  • Google Authenticator - Google Authenticator is a security application used to verify user identities before granting access to websites and services.
  • grid authentication - Grid authentication is a method of ensuring that an end user is who he claims to be by requiring him to enter values from specific cells in a grid whose content should be only accessible to him and the service provider.
  • hardware security module (HSM) - A hardware security module (HSM) is a physical device that provides extra security for sensitive data.
  • Hash-based Message Authentication Code (HMAC) - Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function.
  • identity as a Service (IDaaS) - Identity as a Service (IDaaS) is an authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • identity management (ID management) - Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.
  • identity provider - An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • inherence factor - The inherence factor, in a security context, is a category of user authentication credentials consisting of elements that are integral to the individual in question, in the form of biometric data.
  • initialization vector - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • Java Authentication and Authorization Service (JAAS) - The Java Authentication and Authorization Service (JAAS) is a set of application program interfaces (APIs) that can determine the identity of a user or computer attempting to run Java code, and ensure that the entity has the privilege or permission to execute the functions requested.
  • John the Ripper - John the Ripper is a popular free password cracking tool that combines several different cracking programs and runs in both brute force and dictionary attack modes.
  • Just Enough Administration (JEA) - Just Enough Administration (JEA) is a PowerShell toolkit designed to help an organization reduce risk by restricting IT administrative rights.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • key-value pair (KVP) - A key-value pair (KVP) is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data.
  • LDAP injection - LDAP (Lightweight Directory Access Protocol) injection is a type of security exploit that is used to compromise the authentication process used by some websites.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • machine authentication - Machine authentication is the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.
  • man-in-the-middle attack (MitM) - A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • mandatory access control (MAC) - Mandatory access control (MAC) is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.
  • Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • message authentication code (MAC) - A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
  • Microsoft Group Policy administrative template - A Microsoft Group Policy administrative template is a file that supports the implementation of Microsoft Windows Group Policy and centralized user and machine management in Active Directory environments.
  • Microsoft Network Access Protection (NAP) - Network access protection (NAP), introduced with Windows Server 2008, is Microsoft’s approach to controlling access to a network based on a determination of each device’s health.
  • Microsoft Network Device Enrollment Service (NDES) - Microsoft Network Device Enrollment Service (NDES) is a security feature in Windows Server 2008 R2 and later Windows Server operating versions.
  • Microsoft Windows Azure Active Directory (Windows Azure AD) - Microsoft Windows Azure Active Directory (Windows Azure AD or Azure AD) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges.
  • Microsoft Windows Hello - Microsoft Windows Hello is a biometric identity and access control feature that supports fingerprint scanners, iris scanners and facial recognition technology on compatible devices running Windows.
  • mimikatz - Mimikatz is an open source malware program used by hackers and penetration testers to gather credentials on Windows computers.
  • mobile authentication - Mobile authentication is the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access.
  • multisig (multisignature) - Multisig, also referred to as multi-signature, describes the requirement of obtaining two or more signatures to authorize or execute a transaction.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally-embedded information, that someone is required or encouraged to carry as a means of confirming their identity.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • OAuth - OAuth (Open Authorization) is an open standard authorization framework for token-based authorization on the internet.
  • one-time password (OTP) - A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
  • one-time password token (OTP token) - A one-time password token (OTP token) is a security hardware device or software program that is capable of producing a single-use password or PIN passcode.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • OpenID (OpenID Connect) - OpenID is an open specification for authentication and single sign-on.
  • orphan account - An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.
  • out-of-band authentication - Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.
  • palm print recognition - Palm print recognition is a biometric authentication method based on the unique patterns of various characteristics in the palms of people’s hands.