Glossary
- 2FA / Two-factor authentication
-
The process of using a secondary means of identification during a login or user discovery step. Typically, your first authentication system is a username and password, then your second factor of authentication may be a code provided by SMS to a registered phone number, a registered fingerprint, code via email, etc.
- Ciphertext
-
Unreadable output of an encryption algorithm.
- Cleartext
-
Human-readable data that is transmitted or stored unencrypted.
- EFF
-
The Electronic Frontier Foundation. A nonprofit dedicated to protecting user privacy and civil liberties in the digital world.
- Entropy
-
In the context of identity, this concerns the amount of information that is discoverable about users, determining the likelihood that users are who they say they are.
- MFA
-
Multifactor authentication is a means of user identification that requires more than one method of authenication (username and password, SMS code, email code, fingerprint, etc.).
- NIST
-
The National Institute of Standards and Technology, a unit of the US Commerce Department. NIST promotes and maintains measurement standards and maintains active programs for encouraging and assisting industry and science to develop and use these standards.
- OWASP
-
The Open Web Application Security Project is a community that maintains tools, documentation, and guides in the field of web application security, and is considered a forefront standard in the space.
- Plain text
-
Human-readable data that is supplied to the encryption algorithm
- Security-layering
-
The practice of using multiple security mechanisms in a stacked approach to protect identity, data, and resources.
- U2F
-
Universal 2nd Factor is an open authentication security standard that aims to strethen/simplify two-factor authentication using specialized USB or NFC devices based on similar security technology found in smart cards.
- UAF
-
The Universal Authentication Framework protocol defines the process for passwordless user experiences. This may be through voice commands, facial recognition, or another similar standard.