The Secret Security Wiki

Categories

Authentication

The process of validating whether a person or an entity is in fact who they declare themselves to be. It is used to provide access control and identity management for systems by checking whether a user’s presented credentials match the credentials held by the authentication server.

What Is Passwordless Authentication?

What Is Passwordless Authentication–and Why Does the Workforce Need It? Passwordless authentication is a type of MFA that verifies user identity without relying on passwords or other memorized secrets. Passwordless generally means a form of multi-factor authentication or MFA, though simpler forms of passwordless authentication exist such as email-delivered magic links. Instead of using passwords,...


OTP, HOTP and TOTP

What is OTP? And what’s the difference between HOTP and TOTP? One-time password (OTP) offers a clever and elegant way to authenticate a user. Authentication occurs by way of verifying that the user is in possession of a shared secret, without the user having to communicate the secret itself. To authenticate, the user derives a...


Shared Accounts

Shared accounts are any resource that uses a single pair of credentials to authenticate multiple users. Shared resources can be tied to any platform or network tool, from email accounts to servers and databases, increasing the complexity of securing shared accounts. While shared accounts are not considered best practice, an organization may end up using...


Ticket Granting Tickets

In Kerberos authentication, a Ticket Granting Ticket (TGT) is a user authentication token issued by the Key Distribution Center (KDC) that is used to request access tokens from the Ticket Granting Service (TGS) for specific resources/systems joined to the domain. Use of the TGT was designed into the Kerberos protocol to avoid frequently asking the...


Out of Band Authentication

Out of band authentication (OOBA) is an authentication process that utilizes a communications channel separate from the primary communication channel of two entities trying to establish an authenticated connection. Using a separate authentication channel makes it significantly more difficult for an attacker to intercept and subvert the authentication process (e.g. via a man-in-the-middle attack), because it...


Risk Based Authentication

Risk-based authentication, also commonly referred to as adaptive authentication, is an authentication paradigm that attempts to match the required authentication credentials to the perceived risk of the connection or authorizations requested. The objective is to try to reduce the authentication burden on users and provide a better experience on the one hand, while enforcing strong...


Universal 2nd Factor

Universal 2nd Factor (U2F) is a protocol designed to enable online services to augment their traditional password-based authentication with a second factor of authentication that is presented via a USB device or NFC interface. The use of a local interface requires client applications – typically a web browser – to support U2F. U2F is defined...


Biometric Authentication

Biometric authentication is a user identity verification process that uses a biologically unique identifier to authenticate the user. Identifiers can be a fingerprint, hand contour, voice, iris, retina, face, etc. Biometric authentication typically requires an initial enrollment phase during which reference biometric data is registered. Once a reference is established, the authentication process involves comparing...


Adaptive Authentication

Adaptive authentication, also commonly referred to as risk-based authentication, is an authentication paradigm that attempts to match the required authentication credentials to the perceived risk of the connection or authorizations requested. The objective is to try to reduce the authentication burden on users and provide a better experience on the one hand, while enforcing strong...


Time Based One Time Password

Time-based One-Time Password (TOTP) is a single-use passcode typically used for authenticating users. The user is assigned a TOTP generator delivered as a hardware key fob or software token. The generator implements an algorithm that computes a one-time passcode using a secret shared with the authentication server and the current time – hence the name...


Push Notification Authentication

Push Notification Authentication enables user authentication by sending a push notification directly to a secure application on the user’s device, alerting them that an authentication attempt is taking place. Users can view authentication details and approve or deny access, typically via a simple press of a button. Notifications can be sent in-band or out-of-band, using...


Privileged Access Management

Privileged Access Management (PAM) refers to a class of solutions that help secure, control, manage and monitor privileged access to critical assets. To achieve these goals, PAM solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault), isolating the use of privileged...


Key Distribution Center

A key distribution center (KDC) is a component in an access control system responsible for servicing user requests to access resources by supplying access tickets and session keys. The KDC will use cryptographic techniques to authenticate requesting users, lookup their permissions, and grant them a ticket permitting access. The user can then present the ticket...


Smart Card Authentication

A smart card is a secure microcontroller that is typically used for generating, storing and operating on cryptographic keys. Smart card authentication provides users with smart card devices for the purpose of authentication. Users connect their smart card to a host computer. Software on the host computer interacts with the key material and other secrets...


Step Up Authentication

Step up authentication is the process by which a user is challenged to produce additional forms of authentication to provide a higher level of assurance that he is in fact who he claims to be. Step up authentication is typically implemented as part of an adaptive authentication scheme that seeks to match the risk level...


Active Directory

Active Directory (AD) is an identity directory service for users and computers that was developed and marketed by Microsoft for use on Windows domains. The AD service consists of several sub-services, with some of the main ones described below: Active Directory Domain Services (AD DS), also known as a domain controller, stores all the...


What is Two-Factor Authentication

Two-Factor Authentication (aka 2FA) is a specific type of Multi-Factor Authentication that requires the authenticating party to produce two separate identifying factors that are indicative of its identity, instead of the previously standard single identifier, usually a password, required in many systems. 2FA improves security substantially since an attacker would need to gain possession of...


Single-Factor Authentication

Single-Factor Authentication (SFA) is an identity verification process that requires the access-requesting party (can be a person, software or machine) to produce to the authenticating party a single identifier – single factor – that is linked to its identity. SFA is used by default in many systems because it is easy and cheap to implement....


Multi Factor Authentication (MFA)

Multi-Factor Authentication (aka MFA) is an authentication method that requires the authenticating party (be it a person, software or a hardware module) to produce several separate identifiers (or “factors”) that are indicative of its identity, instead of the previously standard single identifier, usually a password, required by default in many systems. Our age’s high dependency...
