
Authentication and access control

Terms related to authentication, including security definitions about passwords and words and phrases about proving identity.

ACC - PAS

  • acceptable use policy (AUP) - An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources.
  • access control - Access control is a security technique that regulates who or what can view or use resources in a computing environment.
  • access control list (ACL) - An access control list (ACL) is a list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.
  • active attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.
  • Active Directory Domain Services (AD DS) - Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database.
  • Active Directory Federation Services (AD FS) - Active Directory Federation Services (AD FS) is a feature of the Windows Server operating system (OS) that extends end users' single sign-on (SSO) access to applications and systems outside the corporate firewall.
  • adaptive multifactor authentication (adaptive MFA) - Adaptive multifactor authentication (MFA) is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors.
  • Amazon Cognito - Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices.
  • authentication - Authentication is the process of determining whether someone or something is who or what they say they are.
  • authentication factor - An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be.
  • authentication server - An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.
  • authentication, authorization and accounting (AAA) - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • Automatic Identification and Data Capture (AIDC) - Automatic Identification and Data Capture (AIDC) is a broad set of technologies used to collect information from an object, image or sound without manual data entry.
  • behavioral biometrics - Behavioral biometrics are based on human activity such as typing patterns.
  • biometric authentication - Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are.
  • biometric payment - Biometric payment is a point-of-sale (POS) technology that uses biometric authentication based on physical characteristics to identify the user and authorize the deduction of funds from a bank account.
  • biometric verification - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.
  • biometrics - Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics.
  • bitcoin mining - Bitcoin mining is a type of cryptomining in which new bitcoin are entered into circulation and bitcoin transactions are verified and added to the blockchain.
  • brute-force attack - A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems.
  • BYOI (bring your own identity) - BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party.
  • card dipping (EMV card dipping) - Dipping can be contrasted with swiping.
  • channel partner portal - A channel partner portal is a web-based application that provides a vendor's established partners (usually distributors, resellers, service providers or other strategic partners) with access to deal registration, marketing resources, pricing and sales information for products and services, as well as technical details and support that are unavailable to other end users.
  • CHAP (Challenge-Handshake Authentication Protocol) - CHAP (Challenge-Handshake Authentication Protocol) is a challenge and response authentication method that Point-to-Point Protocol (PPP) servers use to verify the identity of a remote user.
  • claims-based identity - Claims-based identity is a means of authenticating an end user, application or device to another system in a way that abstracts the entity's specific information while providing data that authorizes it for appropriate and relevant interactions.
  • cloud security - Cloud security, also known as cloud computing security, is the practice of protecting cloud-based data, applications and infrastructure from cyberthreats and cyber attacks.
  • cloud workload protection - Cloud workload protection is the safeguarding of workloads spread out across multiple cloud environments.
  • Common Access Card (CAC) - A Common Access Card (CAC) is a smart card issued by the United States Department of Defense for accessing DOD systems and facilities.
  • Consensus Algorithm - A consensus algorithm is a process in computer science used to achieve agreement on a single data value among distributed processes or systems.
  • continuous authentication - Continuous authentication is a method of verification aimed at providing identity confirmation and cybersecurity protection on an ongoing basis.
  • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.
  • credential stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on a number of sites through automated login.
  • credential theft - Credential theft is a type of cybercrime that involves stealing a victim's proof of identity.
  • cryptogram - A cryptogram is a word puzzle featuring encrypted text that the user decrypts to reveal a message of some sort.
  • CSR (Certificate Signing Request) - A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA).
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • decentralized identity - Decentralized identity is an approach to identify and authenticate users and entities without a centralized authority.
  • default password - A default password is a standard preconfigured password for a device or software.
  • deprovisioning - Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away.
  • digital identity - A digital identity is the body of information about an individual, organization or electronic device that exists online.
  • Digital Signature Standard (DSS) - The Digital Signature Standard (DSS) is a digital signature algorithm (DSA) developed by the U.
  • Directory Services Restore Mode (DSRM) - Directory Services Restore Mode (DSRM) is a Safe Mode boot option for Windows Server domain controllers.
  • disposable email - Disposable email is a service that allows a registered user to receive email at a temporary address that expires after a certain time period elapses.
  • Duo Security - Duo Security is a vendor of cloud-based two-factor authentication products.
  • dynamic multipoint VPN (DMVPN) - A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites/routers without passing traffic through an organization's virtual private network (VPN) server or router located at its headquarters.
  • e-signature (electronic signature) - An e-signature (electronic signature) is a digital version of a traditional pen and ink signature.
  • e-ticket (electronic ticket) - An e-ticket (electronic ticket) is a paperless electronic document used for ticketing purposes, such as airfare or concert admission.
  • EMV card - An EMV card is a credit or debit card with an embedded computer chip and associated technology designed to enable secure payment at compatible point of sale (POS) terminals; EMV stands for Europay, Mastercard and Visa, the three companies responsible for the standard.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • endpoint authentication (device authentication) - Endpoint authentication is a security mechanism designed to ensure that only authorized devices can connect to a given network, site or service.
  • enhanced driver's license (EDL) - An enhanced driver's license (EDL) is a government-issued permit that, in addition to the standard features of a driver's license, includes an RFID tag that allows officials to pull up the owner's biographical and biometric data.
  • Extensible Authentication Protocol (EAP) - The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet.
  • facial recognition - Facial recognition is a category of biometric software that maps an individual's facial features mathematically and stores the data as a faceprint.
  • federated identity management (FIM) - Federated identity management (FIM) is an arrangement between multiple enterprises or domains that enables their users to use the same identification data (digital identity) to access all their networks.
  • FIDO (Fast Identity Online) - FIDO (Fast Identity Online) is a set of technology-agnostic security specifications for strong authentication.
  • four-factor authentication (4FA) - Four-factor authentication (4FA) is the use of four types of identity-confirming credentials, typically categorized as knowledge, possession, inherence and location factors.
  • fraud detection - Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.
  • full-disk encryption (FDE) - Full-disk encryption (FDE) is a security method for protecting sensitive data at the hardware level by encrypting all data on a disk drive.
  • Google Authenticator - Google Authenticator is a mobile security application that provides a second type of confirmation for websites and online services that use two-factor authentication (2FA) to verify a user's identity before granting him or her access to secure resources.
  • hardware security module (HSM) - A hardware security module (HSM) is a physical device that provides extra security for sensitive data.
  • Hash-based Message Authentication Code (HMAC) - Hash-based Message Authentication Code (HMAC) is a message encryption method that uses a cryptographic key in conjunction with a hash function.
  • identity management (ID management) - Identity management (ID management) is the organizational process for ensuring that individuals have the appropriate access to technology resources.
  • identity provider - An identity provider (IdP) is a system component that provides an end user or internet-connected device with a single set of login credentials that ensures the entity is who or what it says it is across multiple platforms, applications and networks.
  • identity theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else.
  • initialization vector - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • Java Authentication and Authorization Service (JAAS) - The Java Authentication and Authorization Service (JAAS) is a set of application program interfaces (APIs) that can determine the identity of a user or computer attempting to run Java code, and ensure that the entity has the privilege or permission to execute the functions requested.
  • key fob - A key fob is a small, programmable device that provides access to a physical object.
  • key-value pair (KVP) - A key-value pair (KVP) is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data.
  • knowledge-based authentication - Knowledge-based authentication (KBA) is an authentication method in which users are asked to answer at least one secret question.
  • LDAP injection - LDAP (Lightweight Directory Access Protocol) injection is a type of security exploit that is used to compromise the authentication process used by some websites.
  • LEAP (Lightweight Extensible Authentication Protocol) - LEAP (Lightweight Extensible Authentication Protocol) is a Cisco-proprietary version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
  • logon (or login) - In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource.
  • machine authentication - Machine authentication is the authorization of an automated human-to-machine or machine-to-machine (M2M) communication through verification of a digital certificate or digital credentials.
  • man-in-the-middle attack (MitM) - A man-in-the-middle (MitM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • mandatory access control (MAC) - Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.
  • Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • message authentication code (MAC) - A message authentication code (MAC) is a cryptographic checksum applied to a message in network communication to guarantee its integrity and authenticity.
  • Microsoft Azure Key Vault - Microsoft Azure Key Vault is a cloud-based security service offered by Microsoft as part of its Azure platform.
  • Microsoft Group Policy administrative template - A Microsoft Group Policy administrative template is a file that supports the implementation of Microsoft Windows Group Policy and centralized user and machine management in Active Directory environments.
  • Microsoft Network Device Enrollment Service (NDES) - Microsoft Network Device Enrollment Service (NDES) is a security feature in Windows Server 2008 R2 and later Windows Server operating versions.
  • Microsoft Windows Azure Active Directory (Windows Azure AD) - Microsoft Windows Azure Active Directory (Windows Azure AD or Azure AD) is a cloud service that provides administrators with the ability to manage end-user identities and access privileges.
  • Microsoft Windows Hello - Microsoft Windows Hello is a biometric identity and access control feature that supports fingerprint scanners, iris scanners and facial recognition technology on compatible devices running Windows.
  • mimikatz - Mimikatz is an open source malware program used by hackers and penetration testers to gather credentials on Windows computers.
  • mobile authentication - Mobile authentication is the verification of a user's identity via a mobile device using one or more authentication methods for secure access.
  • multifactor authentication - Multifactor authentication (MFA) is an account login process that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • national identity card - A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity.
  • nonrepudiation - Nonrepudiation ensures that no party can deny that it sent or received a message via encryption and/or digital signatures or approved some information.
  • OAuth - OAuth (Open Authorization) is an open standard authorization framework for token-based authorization on the internet.
  • one-time password (OTP) - A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
  • Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
  • OpenID (OpenID Connect) - OpenID is an open specification for authentication and single sign-on.
  • orphan account - An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.
  • out-of-band authentication - Out-of-band authentication is a type of two-factor authentication that requires a secondary verification method through a separate communication channel along with the typical ID and password.
  • palm print recognition - Palm print recognition is a biometric authentication method based on the unique patterns of various characteristics in the palms of people’s hands.