Two-factor authentication (2FA) is a security authentication method that requires two pieces of predetermined evidence (factors) before authorization is granted. 2FA is a subset of multi-factor authentication (MFA); the difference is the number of factors. 2FA is essentially two layers of security that must be passed before a user can access an account or system.
Access control is the selective process of granting or denying permission to access a system (e.g. a computer or data) or a physical location (a door, office, or building).
Active Directory (AD) is a directory service for Windows domain networks, responsible for authenticating and authorizing users on the network.
An Advanced Persistent Threat (“APT”) is a cyber attack in which a team of intruders use continuous, sophisticated hacking techniques to establish a long-term presence on a network, intending to breach highly sensitive data.
AES-256 encryption is a standard U.S. block cipher algorithm for protecting (encrypting) data at rest.
The attack surface is the sum of all possible attack directions ("attack vectors") in an environment. There are two types of attack surfaces: physical and digital.
"Backdoor" in computer security is synonymous with a "maintenance hook" - a second, hidden way into the software/system that may allow malicious entities to bypass security.
Behavioral authentication is based on a person's movement characteristics. The other types of authentication are something you know (passwords), something you have (a security token), and something you are (fingerprint biometrics); behavioral authentication adds something you do. Examples include gaze-based authentication, signature-based authentication, and movement-based authentication.
Biometric authentication is a form of identification and access control based on a person's physical attributes. The most common physiological characteristic used for identification is the fingerprint. Biometric authentication falls under the authentication type of something you are. Types of biometric authentication include facial biometrics, vein scans, and fingerprint biometrics.
The Biometric Information Privacy Act (BIPA) applies to any private entity doing business in the state of Illinois that collects, stores, or transmits biometric information, and sets requirements on how that biometric information is collected and stored.
A black hat hacker is a type of malicious hacker whose intent is to defeat security barriers in order to criminally access computer networks and steal private information. Usually these malicious entities don't possess much information on the systems they target.
A blacklist (or black list) is a list of programs, websites, and/or applications that are not permitted to be accessed within an organization.
A “bot” in cybersecurity is a software application that performs automated, time-consuming tasks on command. Cyber criminals use these bot programs to infect computers and take control for malicious purposes.
A brute-force attack is the process of exhausting the entire key space to perform an attack. This method involves trying every single possible combination one after another. Brute-forcing can succeed in hacking accounts if the account was protected by an easily guessed password. An example of a weak password is 'password123'.
Bring Your Own Device (BYOD) is the practice of allowing employees to bring and use their own connected devices (computers, smartphones, etc.) for work purposes. BYOD brings new challenges for IT managers trying to keep access control tight.
The Caesar cipher is one of the oldest and simplest encryption methods: each plaintext letter is shifted a fixed number of positions in the alphabet (a substitution shift) so that the text is unreadable to anyone but the intended parties. This cipher technique was used by General Gaius Julius Caesar in his military campaigns in the 1st century BC to protect his army's situation, whereabouts, movements, and plans.
Cascade login (or "cascading login") is a login method that accesses multiple login accounts using one factor. A secure cascade login is similar to SSO, but instead of using one's Gmail or Facebook account, the user uses an authentication factor (hardware token, biometric).
The FBI's CJIS (Criminal Justice Information Services) compliance requires any law enforcement agency or other government agency that has access to CJIS databases to protect access to that data. Failure to adhere to CJIS compliance could result in loss of access to FBI databases.
The Cybersecurity Maturity Model Certification (CMMC) has five levels. CMMC Level 3 includes the 110 security requirement specifications from NIST SP 800-171. The CMMC Model also incorporates standards from NIST SP 800-53.
Continuous authentication is a method of identity confirmation on an ongoing basis. Instead of a user simply being logged in once, the authentication mechanism continues to re-verify the identity of the session user even after logging in. Authentication that continues to challenge is significantly more secure than an authentication system that only challenges once a day.
Critical infrastructure consists of the assets that the government considers crucial to the security, economy, and/or public health of the country. Presidential Policy Directive 21 (PPD-21) identified 16 critical infrastructure sectors in the US, including healthcare.
Cyber security is the protection of computer and digital systems to prevent unauthorized access and disruption of service. Cyber security involves both the digital and physical security aspects that protect computers and virtual data.
A cybercriminal gang is a group of individuals or entities involved in digital crime. Cybercriminal gangs have been responsible for more advanced threats with better organization and access to greater resources and funding. Most APTs are executed by either cybercriminal gangs or nation-states.
A data breach is a security incident in which information is accessed by an unauthorized party. Data breaches can be caused by phishing, social engineering, insider threats, and careless employees. Many potential data breaches can be prevented by deploying two-factor authentication solutions and using a password manager to enforce strong passwords.
Data encryption in cybersecurity is the conversion of data from a readable form into an encoded format. The data is usable only when it is decoded with a unique decryption key, which is usually generated before or during encryption. Data encryption is a building block of data security, and there is hardly a network system that does not use this technique.
Data protection refers to a set of strategies and processes for protecting sensitive data from compromise, corruption, or loss. A data protection strategy ensures that the organization's data remains available for future use and that, in the worst case of data loss, the system can be restored to a functional state.
The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the Federal Acquisition Regulation (FAR) system that provides acquisition compliance requirements for the Department of Defense (DoD) procurement process.
The Enigma machine was an electromechanical encryption device invented in 1918 by German electrical engineer Arthur Scherbius. The Enigma machine was used by the German military to send encrypted messages up to the end of World War II. This typewriter-like cipher machine came in multiple variants for different purposes, such as commercial and military use.
The General Data Protection Regulation (GDPR) was established by the European Union to address data protection and privacy concerns in the EU.
A hardware token is a portable security device used for authenticating into a system. Examples of hardware tokens include proximity keys, electronic key fobs, OTP tokens, and USB flash drives. Research by Google Security and several universities has found that physical security tokens are the most resilient to account takeover attacks.
The purpose of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is to protect the privacy of patients, ensure patient data is appropriately secured, and to enforce the reporting of any data breaches in a timely manner.
Identity and access management ("IAM") is a set of policies and technologies that ensures the correct users have access to the correct technology resources. IAM systems are part of information technology security and data management operations. Identity and access management systems are used to identify, authenticate, and control access for those who use IT resources.
Insider threats are malicious threats that an organization faces from within - employees, former employees, third party vendors, contractors, or business associates. Insider threats can be mitigated using two-factor authentication solutions and vigilant password management. For example, make sure ex-employees don't still have access to any company accounts.
A keylogger is a device or software used to record keyboard strokes. Malicious actors may attempt to use keyloggers to record a target's username and password in order to gain unauthorized access to their accounts.
Kiosk mode (or "kiosk setting") is a setting for a computer/terminal that restricts it to a specific or limited number of functions. A computer in "kiosk mode" might, for example, be used in stores and transportation for self-service and management. A kiosk terminal may be limited to one or more specific software applications that perform only the few functions meant for that terminal.
Logical access control is the identification, authentication, and authorization into computers, systems, information, and data.
Multi-factor authentication (MFA) is a security authentication mechanism that requires multiple (two or more) components of predetermined evidence (factors) before authorization is granted. 2FA is a subset of multi-factor authentication (MFA); the difference is the number of factors. MFA may require more than two factors of authentication before the user can access a system.
The National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce (DOC), is responsible for promoting innovation and industrial competitiveness in the U.S. The agency developed NIST 800-171 to protect unclassified information in nonfederal information systems and organizations.
A one-time password (OTP) is a temporary password that is only active for a short period of time (as short as 30 seconds). OTPs are generally used as the second factor of authentication in 2FA/MFA. The OTP can be delivered via the user's hardware token, email, an SMS text message to their phone, or a software application.
During authentication, the password (or "passphrase" / "passcode") is the secret used to verify the identity of a claimed party. Passwords are commonly alphanumeric character combinations like "I'mGl@dIT's_FRIdayy2daye!". Recently, cyber criminals have seen rapidly growing success by exploiting people who use weak passwords that can be easily guessed. Tokens, biometrics, secret handshakes, signs, spoken phrases, physical gestures, sounds, and more have also been used as password replacements.
Passwordless authentication is an authentication mechanism in which users log in to systems without typing a password. Instead, passwordless authentication usually takes the form of a possession factor (something you have) or an inherence factor (biometrics, something you are). Passwordless authentication is easier for IT teams to manage and easier for end users to use. Instead of managing thousands of passwords across hundreds of users, eliminate all those passwords instantly.
Passwordless MFA is an authentication mechanism that combines passwordless authentication and multi-factor authentication. Unlike traditional MFA, passwordless MFA lets users log in to systems without typing a password while still requiring one or more additional factors.
Password reuse is a prevalent behavioral problem in which people use the same password for different credentials. The problem with reusing the same password is that if one password is somehow compromised, the other credentials may be too easily compromised as well.
Password rage is what happens after someone has had too much password stress/password fatigue. The user becomes stressed and shouts, swears, or cries in response to password difficulties. The amount of stress that accumulates from constantly having problems with passwords can be very high, since these passwords are the keys to your digital life (bank, credit, communications, etc.).
Password sharing (or "account sharing") occurs when a user gives their login credentials to someone else for the purposes of shared access under one account. Password sharing has several ramifications for different parties. The largest risk involved in sharing passwords is the obvious security risk of trusting the other person that now has access.
Password stress / password fatigue is caused by users having to memorize and type a large and growing number of username and password combinations. The problem is that good security means unique usernames and passwords that are both long and complex (high entropy), but the stress involved in memorizing and typing these long passwords on a daily basis takes a heavy toll on users.
A password vault ("password manager" or "password wallet") is a digital tool that stores passwords so that users do not have to worry about remembering what their passwords are. Generally, a password vault is known more for securely storing passwords while a password manager is known for also offering additional management services.
Penetration tests (also known as Pen Tests) are procedures that simulate a malicious actor's attacks on a system to identify potential vulnerabilities. Penetration tests can be performed on computer networks, software code, platforms, and physical devices.
Phishing is a type of social engineering attack that attempts to acquire secret information such as login credentials, bank information, and other high-value data assets. Usually the perpetrator asks potential victims to "confirm" their confidential information. IT managers must maintain a strong cyber security posture to prevent end users from falling victim to constant phishing attacks.
Piggybacking is a social engineering act that occurs when an unauthorized user follows an authorized user into a system with consent. In physical security, piggybacking mainly occurs at access control points. In digital security, piggybacking occurs when users give computer and website access to others.
Proximity authentication is the process of authenticating a person's identity through validation of their presence. Proximity authentication uses either sensors to determine how close a key (token or phone) is or, in an older form, motion detectors that detect a person's arrival.
Ransomware is a very popular form of malware designed to lock a victim out of their computer, system, or files and then demand a ransom to regain access. In most cases, the victim receives what appears to be a legitimate email from a trusted source, opens the email, and opens an attachment that contains the ransomware.
Risk-based authentication (RBA) is a type of authentication mechanism that uses a "risk profile" of a user to determine the level of authentication required. An example of risk-based authentication is using multiple elements, such as a user's geolocation and time of day, to decide whether that user requires stronger authentication (e.g. password plus OTP) or weaker authentication.
The RSSI (Received Signal Strength Indicator) is a measurement of how well a device can read a particular wireless radio signal. A higher RSSI value (closer to zero, e.g. -25) means a strong and clear signal. A lower RSSI value (e.g. -75) means that the signal is not as clear and accurate (due to the source being further away, obstructed, or both).
The Saudi Arabian Monetary Authority (SAMA) introduced the SAMA Cyber Security Framework for all banks, insurance companies, and finance companies operating in Saudi Arabia to adhere to.
A shared account is a single login account that is shared between multiple people. Typical examples of shared accounts include a shared computer login account, email account, or streaming service. Shared accounts allow multiple users to access a resource that may have been meant for only a single user. In corporate IT security, shared accounts are not in line with best practices due to the lack of accountability and auditability.
A shared workstation, also known as a "kiosk computer", is a computer that is accessed by more than one user. In most cases, workstations in the workplace are shared because of a need to share a certain desktop application login, to save on per-user licensing costs, or simply to save time on logging in.
Shoulder surfing is a social engineering act of looking over a user's shoulder to gain unauthorized data. A prime example of shoulder surfing is watching someone's keystrokes as they type their password. Shoulder surfing can also occur over CCTV camera footage or even by malicious actors using high-powered binoculars.
Social engineering is a method of manipulation that seeks to exploit people, usually to obtain confidential information such as login credentials or bank information, by taking advantage of social behaviors such as trust. Social engineering can happen without the victim noticing, since lying and subterfuge are components of the social engineer's methods. Mitigating social engineering risks is key to a strong cyber security posture.
A software token ("soft token") is a software-based security token (rather than hardware-based, such as a physical key fob). The software token can be stored on the laptop, desktop, smartphone, or other electronic device.
Tailgating is a social engineering act that occurs when an unauthorized user follows an authorized user into a system without the authorized user's consent. An example of tailgating is when a user (the victim) leaves their computer for, say, coffee, lunch, or a meeting, and another user (the malicious actor) uses their unlocked computer. Tailgating most commonly happens when a user leaves their computer without locking it due to negligence, incompetence, forgetfulness, or even laziness.
Thin client computers work in much the same way as a standard computing device, but while a standard computing device draws resources from its onboard components, a thin client draws resources from a centralized server elsewhere.
A Trojan horse is a program that appears to be non-threatening but in fact has underlying malicious intent. This type of malicious program is named after the famous Trojan Horse used by the Greek army to deceptively defeat Troy in Virgil's Aeneid.
Knowledge-based authentication: authentication based on something you know that is non-tangible, like a password, passphrase, PIN, or secret code. Knowledge authentication is the most cost-effective and common type of authentication, but also the most susceptible to hacking.
Possession-based authentication: authentication based on something you physically have, like a key fob token with one-time passwords, an ID badge, or a key. An advantage of requiring a physical device for authentication is that the attack surface is greatly limited, since a hacker would need the physical key.
Inherence-based authentication: authentication based on a physical characteristic unique to a person (biometrics, including fingerprint, facial, and vein scans). This is strong authentication, since a fingerprint cannot be guessed or replicated. However, once a biometric fingerprint is compromised, it is forever compromised, since one cannot ever change their fingerprints.
Also referred to as a "User ID" or "Account Name", the username is the designation used by a user to identify themselves on a system/network. The username is usually accompanied by a password.
A computer virus is a malicious software program that infects a host machine (target computer) to propagate. Preventing computer viruses from infecting an organization's computer(s) or network is a top priority for cybersecurity teams.
The Voluntary Product Accessibility Template (VPAT) is a reporting format that assists Federal contracting officials and other buyers in assessing a product's level of accessibility and conformance with the Section 508 technical standards of the U.S. Rehabilitation Act. When purchasing information technology/electronics, Federal agencies are required to make the product/service accessible to employees with disabilities.
A webcam cover is a small object used to cover the webcam on a monitor, laptop, tablet, or phone so that potential unauthorized parties cannot see through it. This is useful in case someone gains unauthorized access to your webcam.
Whaling is a phishing attack that targets high-value individuals of an organization or company (i.e. the CEO, CFO, CISO, CTO, CIO, etc.) through social engineering.
White hat hacking, also known as ethical hacking, refers to penetrating an organization's system with its permission to test its vulnerabilities and risks. The organization hires white hat hackers or computer security experts to break the security of a network in order to identify and fix the potential vulnerabilities that a cybercriminal might exploit.
A zero-day exploit is an exploit for a vulnerability for which no patch is currently available or known. On the first day a resolution (patch) becomes available, it becomes "day one".
According to studies, over 30% of all support tickets are related to password resets/forgotten passwords.
Touchless, contactless, passwordless 2FA with continuous authentication. One key for all your passwords. Experience fully automated login and security. Instant 2FA, auto-OTP, password manager and worry-free workflow with proximity-based privileged access management for Windows 10, 8, 7, macOS, desktop applications, and websites.