Glossary
Not everyone is directly familiar with the terms relating to authentication. Here we have summarized the most common expressions and briefly explained them.
If you have any further questions, please do not hesitate to contact us!
A - F
Authenticators through FIDO
Authenticator
Authenticators are security mechanisms used to verify the identity of a user. They are used to ensure that only authorized persons can access certain systems or information. This can be done by using passwords, fingerprint recognition, two-factor authentication, or other methods.
Authentication
Authentication is the security process of verifying a user's identity. It ensures that only authorized individuals have access to certain systems or information. This can be done using passwords, fingerprint recognition, two-factor authentication, or other methods.
Authorization
Authorization refers to the process of assigning permissions or access rights to users to access certain resources or functions. This mechanism ensures that only authorized individuals or systems are allowed to access protected information or perform certain actions. Authorization is an essential part of the security architecture to prevent unauthorized access or misuse of resources.
Biometrics
Biometrics refers to the measurement and analysis of biological characteristics or behaviors to establish a person's identity. Individual characteristics such as fingerprints, iris or facial features, voice or hand geometry are used. Biometrics is increasingly used as a reliable method for authentication and identity verification in various areas such as access control, payment processing and security systems.
Cloud Authentication
Cloud authentication refers to the process of verifying the identity of users seeking access to cloud services or resources. It includes the use of authentication mechanisms such as username and password, multi-factor authentication, or single sign-on (SSO) to ensure that only authorized individuals can access cloud resources. Cloud authentication provides a secure and efficient way to verify user identity and protect access to sensitive data and applications in the cloud.
Critical Infrastructure(s)
Critical infrastructures are organizations or facilities of major importance to society, whose failure or impairment would result in lasting supply shortages, significant disruptions to public safety, or other dramatic consequences. Cyber attacks on critical infrastructures therefore expose society to a fundamentally higher level of risk and constitute a new level of existential threat.
Cybercrime
Cybercrime refers to crimes committed in the digital space using computer systems, networks, and electronic devices as a means or end. It includes activities such as hacking, phishing, identity theft, fraud, distribution of malware and ransomware, and illegal access to confidential information. Cybercrime can cause significant financial damage, compromise personal information, and undermine confidence in digital systems and the Internet as a whole.
Cybersecurity Strategy
A good cybersecurity strategy involves implementing multiple layers of security to protect computer systems, networks, and data from threats. This includes regularly updating and patching software, using strong passwords, training employees on cybersecurity issues, and regularly backing up critical data. A good cybersecurity strategy also includes monitoring network traffic, using firewalls and antivirus software, and implementing access rights and encryption technologies.
FIDO (Fast Identity Online)
The FIDO protocols are open and license-free authentication protocols developed by the FIDO (Fast Identity Online) Alliance for secure authentication on the World Wide Web. A large number of security tokens, authentication solutions, and applications already use or support FIDO protocols. These offer a particularly high level of security through the use of asymmetric key pairs: the private key never leaves the authenticator, and a single token or authenticator can secure any number (1 to n) of applications. The FIDO protocols are W3C standards and therefore enjoy high prominence and growing adoption.
G - M
Hacking through Multi-Factor Authentication
Hacking
Hacking is the process of gaining unauthorized access to computer systems, networks, or electronic devices to obtain, modify, or manipulate data. Hackers use technical skills and knowledge to exploit security vulnerabilities and penetrate protected systems. Hacking can be done for criminal purposes, such as information theft or financial gain, or for ethical purposes, such as security testing or improving computer security.
Home office security
Home office security refers to measures and best practices to ensure the security of data and systems when employees work at home. These include the use of secure networks, encryption technologies and regular updates to software and devices. In addition, secure access and authentication mechanisms such as strong passwords, two-factor authentication and VPNs should be used to prevent unauthorized access.
Identity and Access Management (IAM)
Identity and Access Management (IAM) is the management of user identities, access rights, and security policies in an IT system or organization. It involves identifying, authenticating, and authorizing users to ensure they have appropriate access to systems, applications, and data. IAM enables centralized management of user accounts, roles, and privileges to enhance security, meet compliance requirements, and improve the efficiency of user access management.
Identity Theft
Identity theft refers to the unlawful access to and misuse of a person's personal identifying information. This involves the theft of sensitive data such as a person's name, date of birth, social security number, credit card information or passwords in order to impersonate the person or cause financial harm. Identity theft can result in significant financial loss, reputational damage, and other negative consequences for the victim.
Identity Provider
An Identity Provider (IdP) is a service that manages the authentication and authorization of users in a system or application. The IdP provides a trusted source that verifies the identity of users and grants them access rights. Different authentication methods can be used, such as username and password, single sign-on (SSO), or social media accounts (social login).
IT Security
IT security refers to measures and strategies taken to protect information, systems and networks from unauthorized access, data loss, malware and other threats. This includes security policies, firewalls, encryption, regular updates, access controls and user awareness training. IT security is critical to ensuring the confidentiality, integrity and availability of data and IT infrastructures.
Malware
Malware, short for "malicious software," is malicious software designed to cause damage, steal information, or disrupt the normal operation of computers or networks. Malware can take the form of viruses, worms, Trojans, spyware, or ransomware, and is often spread through infected email attachments, unsafe websites, or drive-by downloads. Malware can steal personal information, shut down systems, or take control of computers. Effective protection includes the use of antivirus software, regular updates, and caution when opening files or clicking on suspicious links.
Man-in-the-middle (MiTM) attacks
Man-in-the-middle (MiTM) attacks are attack techniques in which an attacker intercepts, manipulates, and controls communications between two parties without being detected. The attacker interposes himself between the two communication partners and can eavesdrop on the traffic, modify it, or even inject his own information. The use of encryption technologies such as HTTPS and secure networks can reduce the risk of man-in-the-middle attacks.
Multi-Factor Authentication
Multi-factor authentication (MFA) is a security mechanism that requires the use of multiple identity credentials to confirm a user's identity. Typically, this involves something the user knows (e.g., a password), something they own (e.g., a security token or cell phone), and/or something they are (e.g., biometrics). By combining multiple elements, MFA increases security because an attacker would need to steal or trick more than one element to gain access.
N - Z
Password
A password is a secret combination of characters used to authenticate and protect access to a system, application, or personal information. It is used to verify the user's identity and prevent unauthorized access. A strong password should be long enough, contain a combination of letters, numbers and special characters, and be updated regularly to ensure security.
Passphrase
A passphrase is a longer string or phrase used as a password instead of a single word. It provides increased security because it is more difficult to guess or crack than traditional passwords. A good passphrase consists of a combination of words that make sense to the user but are difficult for others to guess, and can be strengthened with additional letters, numbers, or special characters.
Passkey
A passkey is a unique key or code used for authentication or encryption. It can be used, for example, with wireless connections such as Bluetooth or Wi-Fi to connect devices or to allow access to a network. The passkey is used as a security measure to ensure that only authorized devices or users have access and that communications are protected.
Phishing
Phishing is a fraudulent method in which attackers impersonate trusted sources to steal sensitive information such as passwords, credit card details, or personal information from victims. Phishing is typically done through spoofed emails, text messages, or Web sites that appear to the victim to be from a legitimate organization or person. The goal of phishing is to trick recipients into clicking on fraudulent links, disclosing personal information, or downloading malicious attachments, ultimately resulting in financial loss or identity theft.
Phishing-resistant MFA
Phishing-resistant MFA (multi-factor authentication) is an authentication method that provides additional protection against phishing attacks. It combines multiple factors, such as something the user knows (such as a password), something the user owns (such as a physical device), and something unique to the user (such as a biometric), to verify the user's identity. Using phishing-resistant MFA reduces the risk of account takeover and unauthorized access, since an attacker would need to obtain not only the password, but also the user's physical possession or biometric to successfully log in.
On-premises
On-premises refers to the deployment and management of software, data, or infrastructure on an organization's own physical premises, as opposed to using cloud services. This means that organizations manage and maintain their own IT resources, such as servers, storage, and network infrastructure, rather than outsourcing them to an external provider. On-premises gives organizations more control over their data and systems, allows for customization to meet specific needs, and may be appropriate for organizations that are subject to strict security or compliance regulations.
PIN (Personal Identification Number)
The personal identification number (PIN) usually consists of a 4- or 6-digit sequence with which the user identifies himself on a device. Like passwords, PINs are commonly used in conjunction with a username.
OTP (One Time Password)
An OTP (One Time Password) is a temporary password used for a one-time authentication or transaction. It is generated and valid for a limited period of time, usually only for one login or one specific action. OTPs provide additional security because they are changed each time they are used and cannot be reused, even if intercepted. They are often used in conjunction with two-factor authentication (2FA) and multi-factor authentication (MFA) to provide a higher level of security. They are divided into:
TOTP stands for Time-based One-Time Password and refers to a method of generating one-time passwords based on the current time and a secret key.
HOTP stands for HMAC-based One-Time Password; in its event-based variant, one-time passwords are generated from a secret key and an event counter (e.g., pressing a key on the token) rather than from the current time.
Ransomware
Security token
Security tokens are usually used to provide additional protection for user accounts as a second factor, often in the form of a USB stick. They can be unambiguously assigned to a user and are thus personalized. Security tokens generate a one-time password (OTP) and are activated by touch or by a biometric feature.
Single Sign-On (SSO)
Single Sign-On (SSO) is an authentication method that allows users to log in once with a single credential, such as a user name and password, to access multiple applications or systems. SSO frees users from repetitive logon processes and enables seamless and secure access to different resources, both within an organization and across different services. SSO improves the user experience, reduces the risk of password misuse, and simplifies the management of access rights and identities in an IT environment.
Smartcard
A smart card or intelligent chip card is a hardware security module in the standardized size of the debit card (86 × 54 × 0.76 mm) that provides people with IT security services. A smart card contains a security chip with CPU, RAM and ROM memory, a "lean" and secure operating system in ROM, an I/O interface through which all communication takes place (contact surfaces or contactless interface) and an EEPROM on which the secret keys, such as a secret RSA key or other symmetric keys, as well as personal data (passwords, etc.) are stored securely.
Smartphone (out-of-band)
The smartphone can be used to generate an OTP via an app or to receive one by SMS, and it can also act as an out-of-band authenticator. In that case, the user is sent a request in an app to confirm or reject a login. This procedure is convenient for the user and enjoys a high level of acceptance.
Trojan
A Trojan horse is a type of malicious software that disguises itself as a legitimate or useful application in order to infiltrate a computer system undetected. Unlike a virus or worm, a Trojan does not spread itself, but requires the victim to take some action, such as opening an infected email attachment or downloading a fraudulent file. Once active, a Trojan can give the attacker access to the infected system, steal personal information, log keystrokes, or open backdoors to cause further damage.
Zero Trust
Zero Trust is a security approach that assumes that no user, device, or network is automatically trustworthy and that every access must be thoroughly verified. It relies on strict access control, authentication, authorization, and continuous monitoring of users and devices, regardless of their location or network connection. The goal of Zero Trust is to increase security, detect threats early, and restrict access to critical resources on a need-to-know and least-privilege basis.