Authentication Glossary

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Access Management

A broad concept that encompasses the policies, processes, methodologies, and tools that manage user privileges. In access management – users include customers, partners, and employees; devices include computers, smartphones, routers, servers, controllers and sensors as devices also have access privileges

Active Directory

Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what.

The Active Directory structure is comprised of three main components: domains, trees, and forests. Several objects, like users or devices that use the same AD database, can be grouped into a single domain.”

Adaptive Authentication

Adaptive authentication is a dynamic type of multi-factor authentication that can be configured and deployed in a way that the identity service provider (IDP) system will select the right multiple authentication factors depending on a user’s risk profile and behavior. Unlike with MFA, adaptive authentication is more dynamic, and security requirements can change according to the user role, location, or the situation. Since every employee, vendor, or partner has different access needs, capabilities, and endpoints in a given login session, IT security policies must be adaptable.

Advanced Encryption Standard Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S National Institute of Standards and Technology (NIST) in 2001. AES has an encryption key length of 128, 192, and 256 bits, which can encrypt and decrypt data in blocks of 128 bits. The longest AES encryption key length is also known as military-grade encryption.

Adversary in the Middle

An adversary-in-the-middle (AitM) attack, also known as a man-in-the-middle (MitM) attack, is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

Artificial Intelligence

Artificial intelligence is the simulation of human intelligence processes by machines, especially computer systems. Specific applications of AI include expert systems, natural language processing, speech recognition and machine vision. There are 7 types of AI Reactive Machines.
Limited Memory.
Theory of Mind.
Self-aware.
Artificial Narrow Intelligence (ANI)
Artificial General Intelligence (AGI)
Artificial Superintelligence (ASI)

Asymetric Encryption

Asymmetric encryption is also known as public key cryptography. Asymmetric encryption was introduced to eliminate the need to share the key by using a pair of public-private key. Asymmetric encryption ensures that malicious persons do not misuse the keys.

Authentication

Authentication technology protects and manages access to systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server. The process the technology uses to verify the identity of a user is called authentication.

Back to top

Biometric Authentication

Authentication technology that protects and manages access to systems using biometric factor(s) for user verification.
Biometric Encryption Biometric Encryption is a group of emerging technologies that securely bind a digital key to a biometric or generate a digital key from the biometric, so that no biometric image or template is stored.

Biometric Identification Biometric authentication is a security process that relies on the unique biological characteristics of an individual to verify that he is who is says he is. Biometric authentication systems compare a biometric data capture to stored confirmed authentic data in a database.

Bot Attack

The use of automated web requests to manipulate, defraud, or disrupt a website, application, API, or end-users. Bot attacks started out as simple spamming operations and have branched into complex, multinational criminal enterprises with their own economies and infrastructures.

Bring Your Own Device

Bring your Own Device (BYOD) is the set of policies in a business that allows employees to use their own devices – phone, laptop, tablet or whatever – to access business applications and data, rather than forcing employees to use company-provided devices for that purpose.

Back to top

Client to Authenticator Protocol (CTAP)

CTAP enables expanded use cases over previous FIDO standards. It enables external devices such as mobile handsets or FIDO security keys to work with browsers supporting WebAuthn and also to serve as authenticators to desktop applications and web services.

Back to top

Digital Onboarding

The practice of signing up for a customer account – such as a bank account a credit card insurance services or other electronic services entirely online or via a mobile device.

Back to top

FIDO Authentication

Based on free and open standards from the FIDO Alliance, FIDO Authentication enables password-only logins to be replaced with secure and fast login experiences across websites and apps.

FIDO2 Authentication

FIDO2 is the overarching term for FIDO Alliance’s newest set of strong authentication standards. FIDO2 includes two specifications: W3C’s Web Authentication (WebAuthn) and FIDO Alliance’s Client to Authenticator Protocol (CTAP). FIDO2 standards enable users to leverage common devices to easily authenticate to online services in both mobile and desktop environments, and with much higher security over passwords and SMS OTPs.

Back to top

General Data Protection Regulation (GDPR)

A legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).

Back to top

Identity and Access Management (IAM)

The discipline that enables the right individuals to access the right resources at the right times for the right reasons.

IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Identity as a Service (IDaaS)

Refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis.

Identity Authentication

The act of proving an assertion, such as the identity of an employee, customer, or computer system user. In contrast with identification which is the act of establishing or indicating a person or thing’s identity, Identity Authentication is the process of verifying that identity. It might involve validating personal identity documents, or ensuring that a product or document is not counterfeit. Authentication determines if the person is who they claim they are by presenting identity documents such as a driver’s license or passport that match the person presenting the document.

Identity Fraud

The deliberate use of someone else’s identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person’s name, and perhaps to the other person’s disadvantage or loss.

Identity Management

The organizational process for identifying, authenticating and authorizing individuals or groups of people to have access to applications, systems or networks by associating user rights and restrictions with established identities.

Identity Proofing

Identity proofing is a detailed authentication process that businesses use to ensure their clients are who they claim to be. To avoid data breaches and fraud, which can be costly, businesses can require multiple steps of identity verification, and identity proofing goes beyond basic authentication to add additional verification measures such as government documents, photo IDs, and personal questions.

Identity Verification

Identity Verification is a process that determines “are you actually who you say you are” by verifying users or customers provide identity credentials associated with the identity of a real person.Identity Verification services help ensure that users or customers provide information that is associated with the identity of a real person. The service may verify the authenticity of physical identity documents such as a driver’s license, passport, or a nationally issued identity document through documentary verification. Identity verification may also involve the verification of identity data against independent and authoritative sources, such as a credit bureau or proprietary government databases.

Back to top

Know Your Customer (KYC)

The mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time.

Knowledge Based Authentication (KBA)

Security concept relies on asking a client for personal information such as details to their last four transactions, mother’s maiden name, and secret phrases, among other questions.

Back to top

Multi Factor Authentication (MFA)

An electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. The factors can be:

• Knowledge – something the user and only the user knows
• Possession – something the user and only the user has, and
• Inherence – something the user and only the user is – such as their biometric

MFA protects the user and the system they are trying to access from an unknown person trying to access the system and the system’sdata such as personal ID details or financial assets.

Back to top

One Time Passwords (OTP)

Also known as one-time PIN or dynamic password, and OTP is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTP is often used as an identity authentication method.

Back to top

Passkey

Passkeys are a new type of login credential that removes the need for passwords. The authentication requires either biometric authentication – such as a fingerprint or facial recognition – or a PIN or swipe pattern used with Androids for access. The passkey works on a person’s device, so users can’t use passkey functions on another device without a QR code. Users can scan the QR code from their phone and use their Face ID or Touch ID to sign in from another nearby device. Passkeys were created with the Web Authentication API security standard that uses public key cryptography for access. Each key is unique and created with encrypted data for added security — think of a digital version of a keycard.

Passwordless Authentication

An authentication method in which a user can log in to a computer system without the entering (and remembering) a password or any other knowledge-based secret.

Payment Services Directive (PSD2)

European directive designed to regulate payment processes throughout the European Union and European Economic Area.

Back to top

Remote Onboarding

The process of electronically enrolling a new employee or contractor using an online or mobile platform. Remote onboarding can also be defined as the practice of signing up for a new customer account – such as a bank account, a credit card, insurance services or other electronic service entirely online or via a mobile device.

Back to top

SSO or Single Sign-On

An authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. Single Sign On does not generally include identity verification or identity proofing.

Strong Customer Authentication (SCA)

Based on the use of two or more elements categorized as knowledge (something only the user knows) such as passwords or PINs, possession (something only the user possesses) such as security tokens and inherence (something the user is) such as fingerprints or facial biometric. These must be independent from one another, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.

Back to top

Two Factor Authentication (2FA)

A security feature that requires two types of credentials for authentication and is designed to provide an additional layer of validation minimizing security breaches.

Back to top

Web Authentication (WebAuthn)

WebAuthn enables online services to use FIDO Authentication through a standard web API that can be built into browsers and related web platform infrastructure. It is a collaborative effort based on specifications initially submitted by FIDO Alliance to the W3C and then iterated and finalized by the broader FIDO and W3C communities. WebAuthn was designated an official web standard in March 2019. It is currently supported in Windows 10 and Android platforms, and Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari web browsers.

Back to top