| Term | Definition |
|---|---|
| authentication | proving that a user is genuine, and not an imposter |
| authentication factors | five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, where you are |
| authentication factors | what you know, what you have, what you are, what you do, and where you are |
| bcrypt | a popular key stretching password hash algorithm |
| behavioral biometrics | authenticating a user by the unique actions that the user performs |
| birthday attack | an attack that searches for any two digests that are the same |
| brute force attack | a password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file |
| cognitive biometrics | authenticating a user through the perception, thought process, and understanding of the user |
| common access card (CAC) | a U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors |
| dictionary attack | a password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file |
| federated identity management (FIM) | single sign-on for networks owned by different organizations |
| geolocation | the identification of the location of a person or object using technology |
| HMAC-based one-time password (HOTP) | a one-time password that changes when a specific event occurs |
| hybrid attack | a password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters |
| key stretching | a password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest |
| LM (LAN Manager) hash | a cryptographic function found in older Microsoft Windows operating systems used to fingerprint data |
| multifactor authentication | using more than one type of authentication credential |
| NTLM (New Technology LAN Manager) hash | a hash used by modern Microsoft Windows operating systems for creating password digests |
| NTLMv2 | the current version of the New Technology LAN Manager hash |
| one-time password (OTP) | an authentication code that can be used only once or for a limited period of time |
| password | a secret combination of letters, numbers, and/or characters that only the user should have knowledge of |
| PBKDF2 | a popular key stretching password hash algorithm |
| Personal Identity Verification (PIV) | a U.S. government standard for smart cards that covers all government employees |
| pre-image attack | an attack in which one known digest is compared to an unknown digest |
| rainbow tables | large pre-generated data sets of encrypted passwords used in password attacks |
| salt | a random string that is used in hash algorithms |
| single-factor authentication | using one type of authentication credential |
| single sign-on (SSO) | using one authentication credential to access multiple accounts or applications |
| smart card | a card that contains an integrated circuit chip that can hold information used as part of the authentication process |
| standard biometrics | using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication |
| time-based one-time password (TOTP) | a one-time password that changes after a set period of time |
| token | a small device that can be affixed to a keychain with a window display that shows a code to be used for authentication |
| transitive trust | a two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest |
| username | an identifier of a user logging into a system |