Authentication

The process of validating whether a person or an entity is in fact who they declare themselves to be. The process is used to provide access control and identity management for systems by checking whether the user’s credentials match the credentials held by the authentication server.

Ticket Granting Tickets (TGT)

In Kerberos authentication, a Ticket Granting Ticket (TGT) is a user authentication token issued by the Key Distribution Center (KDC) to be used to request from the Ticket Granting Service (TGS) access tokens for specific resources/systems joined to the domain. Use of the TGT was designed into the Kerberos protocol to avoid having to frequently ask the user for a password …

Out of Band Authentication (OOB)

Out of band authentication (OOBA) refers to an authentication process that utilizes a communications channel that is separate from the primary communication channel used by two entities trying to establish an authenticated connection. Using a separate authentication channel makes it significantly more difficult for an attacker to intercept and subvert the authentication process (e.g. via a man-in-the-middle attack), because it requires the …

Risk Based Authentication (RBA)

Risk-based authentication, also commonly referred to as adaptive authentication, is an authentication paradigm that attempts to match the required authentication credentials to the perceived risk of the connection or authorizations requested. The objective is to try to reduce the authentication burden on users and provide a better experience on the one hand, while enforcing strong authentication where it is most needed …

Universal 2nd Factor (U2F)

Universal 2nd Factor (U2F) is a protocol designed to enable online services to augment their traditional password-based authentication with a second factor of authentication that is presented via a USB device or NFC interface. The use of a local interface requires client applications – typically a web browser – to support U2F. U2F is defined as part of Fast Identity Online …

Biometric Authentication

Biometric authentication is a user identity verification process that uses a biologically unique identifier to authenticate the user. Identifiers can be a fingerprint, hand contour, voice, iris, retina, face, etc. Biometric authentication typically requires an initial enrollment phase during which reference biometric data is registered. Once a reference is established, the authentication process involves comparing the presented biometric data to the …

Adaptive Authentication

Adaptive authentication, also commonly referred to as risk-based authentication, is an authentication paradigm that attempts to match the required authentication credentials to the perceived risk of the connection or authorizations requested. The objective is to try to reduce the authentication burden on users and provide a better experience on the one hand, while enforcing strong authentication where it is most needed …

Time Based One Time Password (TOTP)

Time-based One-Time Password (TOTP) is a single-use passcode typically used for authenticating users. The user is assigned a TOTP generator delivered as a hardware key fob or software token. The generator implements an algorithm that computes a one-time passcode using a secret shared with the authentication server and the current time – hence the name time-based OTP. The passcode is displayed …

Push Notification Authentication (Push Authentication)

Push Notification Authentication enables user authentication by sending a push notification directly to a secure application on the user’s device, alerting them that an authentication attempt is taking place. Users can view authentication details and approve or deny access, typically via a simple press of a button. Notifications can be sent in-band or out-of-band, using any number of communications channels. Push …

Privileged Access Management (PAM)

Privileged Access Management (PAM) refers to a class of solutions that help secure, control, manage and monitor privileged access to critical assets. To achieve these goals, PAM solutions typically take the credentials of privileged accounts – i.e. the admin accounts – and put them inside a secure repository (a vault), isolating the use of privileged accounts to reduce the risk of …

Key Distribution Center (KDC)

A key distribution center (KDC) is a component in an access control system responsible for servicing user requests to access resources by supplying access tickets and session keys. The KDC uses cryptographic techniques to authenticate requesting users, look up their permissions, and grant them a ticket permitting access. The user can then present the ticket to the target resource/system, which verifies …

Smart Card Authentication

A smart card is a secure microcontroller that is typically used for generating, storing and operating on cryptographic keys. Smart card authentication provides users with smart card devices for the purpose of authentication. Users connect their smart card to a host computer. Software on the host computer interacts with the key material and other secrets stored on the smart card to …

Step Up Authentication

Step up authentication is the process by which a user is challenged to produce additional forms of authentication to provide a higher level of assurance that he is in fact who he claims to be. Step up authentication is typically implemented as part of an adaptive authentication scheme that seeks to match the risk level of the request with the assurance …

Active Directory (AD)

Active Directory (AD) is an identity directory service for users and computers that was developed and marketed by Microsoft for use on Windows domains. The AD service is composed of several sub-services, with some of the main ones described below: Active Directory Domain Services (AD DS), also known as a domain controller, stores all the user and computer information for members …