Authentication


facial recognition

A biometric authentication that views the user's face and is becoming increasingly popular on smartphones.

smart card

A card that contains information used as part of the authentication process.

OpenID

A federation technology that provides user authentication information.

security key

A hardware device inserted into a computer port that contains all the necessary cryptographic information to authenticate the user.

token key

A hardware device inserted into a computer port that contains all the necessary cryptographic information to authenticate the user.

MicroSD HSM

A hardware security module in a small consumer-oriented form factor.

password keys

A hardware-based device to store passwords.

attestation

A key pair that is "burned" into a security key during manufacturing and is specific to a device model that can verify authentication.

retina

A layer at the back (posterior) portion of the eyeball that contains cells sensitive to light and can be used for biometric authentication.

push notification

A message displayed on a smartphone through an authentication app.

time-based one-time password (TOTP)

A one-time password that changes after a set period of time.

HMAC-based one-time password (HOTP)

A one-time password that changes when a specific event occurs.

dictionary attack

A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.

key stretching

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.

gait

A person's manner of walking that can be used as a physiological biometric identifier.

fingerprint

A physiological biometric identifier that has become the most common type of authentication.

voice

A physiological biometric identifier.

skimming

A process in which a threat actor attaches a small device that fits inside a card reader to capture information.

phone call

A process to use a smartphone to verify a user's login attempt.

salt

A random string added to a hash algorithm for enhanced security.

password

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of.

password vault

A secure repository in which users can store their passwords.

token

A small device with a window display.

authentication app

A smartphone application that can be used to verify a user's login attempt.

iris

A thin circular structure in the eye that can be used for authentication.

static code

A value that never changes.

Challenge-Handshake Authentication Protocol (CHAP)

A weak authentication framework protocol that has been replaced by more secure versions.

Password Authentication Protocol (PAP)

A weak version of Extensible Authentication Protocol (EAP).

Security Assertion Markup Language (SAML)

An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data.

offline brute force attack

An attack in which a stolen digest file is loaded onto a computer to be cracked using password cracking software.

brute force attack

An attack in which every possible combination of letters, numbers, and characters is combined to attempt to determine the user's password.

pass the hash

An attack in which the attacker steals the digest of an NTLM password and pretends to be the user by sending that hash to the remote system to be authenticated.

online brute force attack

An attack in which the same account is continuously attacked by entering different passwords.

password spraying

An attack that uses one or a small number of commonly used passwords when trying to log in to several different user accounts.

Kerberos

An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

RADIUS (Remote Authentication Dial-In User Service)

An industry standard authentication service with widespread support across nearly all vendors of networking equipment.

OAuth (Open Authorization)

An open source federation framework.

Something you exhibit

Authentication based on a genetically determined characteristic.

Something you can do

Authentication based on actions that the user can uniquely perform.

Someone you know

Authentication based on being validated by another person.

Something you know

Authentication based on something the user knows but no one else knows.

Something you have

Authentication based on the approved user having a specific item in his or her possession.

Something you are

Authentication based on the features and characteristics of the individual.

Somewhere you are

Authentication based on where the user is located.

Rainbow tables

Large pregenerated data sets of encrypted passwords used in password attacks.

vein

One of the "tubes" that form part of the blood circulation system in the human body that carries oxygen-depleted blood back toward the heart.

authentication

Proving that a user is genuine and not an imposter.

federation

Single sign-on for networks owned by different organizations, also called federated identity management (FIM).

password cracker

Software designed to break passwords through matching.

password crackers

Software designed to break passwords through matching.

MS-CHAP

The Microsoft version of CHAP.

efficacy rate

The benefit achieved of a biometric identifier.

crossover error rate (CER)

The biometric error rate in which the FAR and FRR are equal over the size of the population.

TACACS+

The current version of the Terminal Access Control Access Control System (TACACS) authentication service.

false acceptance rate (FAR)

The frequency at which imposters are accepted as genuine when using biometric authentication.

false rejection rate (FRR)

The frequency at which legitimate users are rejected when using biometric authentication.

card cloning

Unauthorized duplication of smart cards.

multifactor authentication (MFA)

Using more than one type of authentication credential.

single sign-on (SSO)

Using one authentication credential to access multiple accounts or applications.

knowledge-based authentication

Using perception, thought processes, and understanding for a biometric identifier.

