Two-factor authentication (2FA) is the security authentication method that requires two pieces of predetermined evidence (factors) before being granted authorization. 2FA is a subset of multi-factor authentication (MFA), the difference is the number of factors. Simply two layers of security required before a user can access an account or system.

Access control is the selective process of granting or denying permission to gain access to system (e.g. a computer, data) or a physical location (door, office, building).

Active Directory (AD) is a directory service for Windows domain networks, responsible for authenticating and authorizing users on the network.

AES-256 encryption is a standard U.S. block cipher algorithm for protecting (encrypting) data at rest.

The attack surface is the sum of all possible attack directions ("attack vectors") in an environment. There are two types of attack surfaces: physical and digital.

Synonymous with a "maintenance hook" - a second, hidden way into the software/system that may allow malicious entities to bypass security.

Behavioral authentication is based on a person's movement characteristics.

A form of identification and access control based on a person's physical attribute. The most common physiological characteristic used for identification is the fingerprint.

The Biometric Information Privacy Act (BIPA) requirements apply to any private entity collecting, storing, or transmitting biometric information and doing business in the state of Illinois to comply with requirements on the collection and storage of biometric information.

A type of malicious hacker whose intent is to thwart security barriers to criminally access computer networks and steal private information. Usually these malicious entities don't possess much information on the systems they target.

A blacklist (or black list) is a list of programs, websites, and/or applications that are not permitted to be accessed within an organization.

A process of utilizing the entire key space to perform an attack. This method involves trying every single possible combinations one after another.

Bring Your Own Device (BYOD) is the practice of allowing employees to bring and use their own connected devices (computers, smartphones, etc.) for work purposes.

One of the oldest and simplest encryption methods by shifting plain text letters (substitution shift) to avoid them being readable to anyone but the intended parties. This cipher technique was used by General Gaius Julius Caesar in his military campaigns to protect his army's situation, whereabouts, movements, and plans in the 1st century BC.

Cascade login (or "cascading login") is known as a login method that accesses multiple login accounts using one factor. A secure cascade login is similar to SSO but instead of using one's Gmail or Facebook account, the user will use authentication factor (hardware token, biometric).

The FBI's CJIS (Criminal Justice Information Services) compliance requires any law enforcement agency or other government agency that has access to CJIS databases protect access to that data.

Continuous authentication is a method of identity confirmation on an ongoing basis. Instead of a user simply being logged in once, the authentication mechanism continues to re-verify the identity of the session user even after logging in.

Assets that the government considers crucial to the security, economy, and/or public health of the country.

Presidential Policy Directive 21 (PPD-21) identified 16 critical infrastructure sectors in the US.

A data breach is a security incident in which information is accessed by an unauthorized party.

The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the Federal Acquisition Regulation (FAR) system that provides acquisition compliance requirements for the Department of Defense (DoD) procurement process.

The Enigma machine was an electromechanical encryption device invented in 1918 by German electrical engineer Arthur Scherbius. The Enigma machine was used by the German military to send encrypted messages up to the end of World War II. This cipher machine in the form of a typewriter came in multiple variations for different purposes such as commercial and military.

The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the Federal Acquisition Regulation (FAR) system that provides acquisition compliance requirements for the Department of Defense (DoD) procurement process.

A hardware token is a portable security device used for authenticating into a system. Examples of hardware tokens include proximity keys, electronic key fobs, OTP tokens, or USB flash drives.

The purpose of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is to protect the privacy of patients, ensure patient data is appropriately secured, and to enforce the reporting of any data breaches in a timely manner.

Insider threats are malicious threats that an organization faces from within - employees, former employees, third party vendors, contractors, or business associates. 

A keylogger is a device or software used to record keyboard strokes. Malicious actors may attempt to use keyloggers to record a target's username and password in order to gain unauthorized access to their accounts.

Kiosk mode (or "Kiosk setting") is a setting for a computer/terminal to only perform a specific or limited number of functions. A computer in "kiosk mode" for example might be used in stores and transportation for self-service and management. A kiosk terminal may be limited to a specific software application(s) that only performs the few functions meant for that terminal.

Logical access control is the identification, authentication, and authorization into computers, systems, information, and data.

Multi-factor authentication (MFA) is a security authentication mechanism that requires multiple (two or more) components of predetermined evidence (factors) before being granted authorization. 2FA is a subset of multi-factor authentication (MFA), the difference is the number of factors. MFA may require more than two factors of authentication for required before a user can access a system.

The National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce (DOC), is responsible for promoting innovation and industrial competitiveness in the U.S. The agency developed NIST 800-171 to protecting unclassified information in nonfederal information
systems and organizations.

A one-time password (OTP) is a temporary password that is only active for a short period of time (as short as 30 seconds). OTPs are generally used as a 2nd factor of authentication in 2FA/MFA. The OTP can be sent to either the user's hardware token, email, their phone via text SMS or a software application. 

During authentication, the password (or "passphrase"/"passcode") is the object used to verify the identity of a claimed party. Passwords are commonly alphanumeric character combinations like "I'mGl@dIT's_FRIdayy2daye!". Recently, cyber criminals have been seeing rapidly growing success by exploiting people that use weak passwords that can be easily guessed. Secret handshakes, signs, spoken phrases, physical gestures, sounds and more have also been used as passwords.

Passwordless authentication is an authentication mechanism in which users log in to systems without typing a password. Instead, passwordless authentication usually takes the form of possession factor (something you have) or inherent factor (biometrics - something you are).

Passwordless MFA is an authentication mechanism that combines passwordless authentication and multi-factor authentication. Passwordless MFA requires users to log in to systems without typing a password, but also with one or more additional factors.

A prevalent behavior problem wherein people will use the same password for different credentials. The problem with reusing the same password is that if one password is somehow compromised, the other credentials may be too easily compromised as well.

Password rage is what happens after someone has too much password stress/password fatigue. The user will become stress and shout, swear, or cry in response to password difficulties. The amount of stress that can accumulate from constantly having problems with passwords can be very high since these passwords are the key to your digital life (bank, credit, communications, etc.).

Password sharing (or "account sharing") occurs when a user gives their login credentials to someone else for the purposes of shared access under one account. Password sharing has several ramifications for different parties. The largest risk involved in sharing passwords is the obvious security risk of trusting the other person that now has access.

Password stress / password fatigue is caused by users having to memorize and type a large and growing number of username and password combinations. The problem is that good security means unique usernames and passwords that are both long and complex (high entropy). But the amount of stress involved in memorizing and typing these long passwords on a daily basis takes a strong toll on the users.

A password vault ("password manager" or "password wallet") is a digital tool that stores passwords so that users do not have to worry about remembering what their passwords are. Generally, a password vault is known more for securely storing passwords while a password manager is known for also offering additional management services.

Penetration tests (also known as Pen Tests) are procedures that simulate a malicious actor's attacks on a system to identify potential vulnerabilities. Penetration tests can be performed on computer networks, software code, platforms, and physical devices.

A type of social engineering attack that attempts to acquire secret information such as login credentials, bank information, and other high-value data assets. Usually the perpetrator will ask potential victims to "confirm" their confidential information.

Piggybacking is a social engineering act that occurs when an unauthorized user follows an authorized user into a system with consent. In physical security, piggybacking mainly occurs at access control points. In digital security, piggybacking occurs when users give computer and website access to others.

The process of authenticating a person's identity through the validation of presence. Proximity authentication involves using either sensors to determine how close the a key (token or phone) is or an older example of motion detectors to catch a person's arrival.

A very popular form of malware designed to lock a victim out of their computer, system, or files, then demand a ransom to regain access. In most cases, victims are emailed what appears to be a legitimate email from a trusted source, opens the email, and opens an attachment that contained malicious ransomware.

Risk-based authentication is a type of authentication mechanism that uses a "risk profile" of a user to determine the level of authentication required. An example of risk-based authentication (RBA) is using multiple elements such as a user's geolocation and time of day to decide whether that user requires a strong authentication (e.g. password plus OTP) or a weaker authentication. 

The RSSI (Received Signal Strength Indicator) is the measurement of how well a device can read a particular wireless radio signal. A higher RSSI number (e.g. -25) means a powerful and accurate signal. A lower RSSI number (e.g. -75) means that the signal is not as clear and accurate (due to being further away, obstructed, or both). 

The Saudi Arabian Monetary Authority (SAMA) introduced the SAMA Cyber Security Framework for all banks, insurance companies, and finance companies operating in Saudi Arabia to adhere to.

Shoulder surfing is a social engineering act of looking over a user's shoulder to gain unauthorized data. A prime example of shoulder surfing is watching someone's keystrokes as they type their password.

Social engineering is a method of manipulation seeks to exploit people (usually confidential information such as login credentials, bank information, etc.) using social behavior such as trust. Social engineering can happen unknowingly since lying and subterfuge are components used by social engineers in their methods.

A software token ("soft token") is a software-based security token (rather than hardware-based, such as a physical key fob). The software token can be stored on the laptop, desktop, smartphone or other electronic device.

Tailgating is a social engineering act that occurs when an unauthorized user follows an authorized user into a system without the authorized user's consent. An example of tailgating is when a user (the victim) leaves their computer for let's say coffee, lunch, or meeting, and another user (the malicious actor) goes onto their unlocked computer. Tailgating most commonly happens when a user leaves their computer without locking it due to negligence, forgetfulness, or even laziness.

A program that appears to be non-threatening, but in fact has underlying malicious intent. This type of malicious program is named after the famous Trojan Horse used by the Greek army to deceptively defeat Troy in Virgil's Aeneid.

Knowledge-based authentication. Authentication based on something you know that is non-tangible like a password, passphrase, PIN, or secret code.

Knowledge authentication is the most cost-effective and common type of authentication, but also the most susceptible to hacking.

Possession-based authentication. Authentication based on something you physically have like a key fob token with one-time passwords, ID badge, or a key.

An advantage to requiring a physical device for authentication is that the attack surface is greatly limited since a hacker would need the physical key.

Inherence-based authentication. Authentication based on a physical characteristic unique to a person (biometrics including fingerprint, facial, and vein scans).

Strong authentication since a fingerprint is cannot be guessed or replicated. However, once a biometric fingerprint is compromised, it is forever compromised since one cannot ever change their fingerprints.

Also referred to as a "User ID" or "Account Name", the username is the designation used by a user to identify themselves on a system/network. The username is usually accompanied by a password.

A computer virus is a malicious software program that infects a host machine (target computer) to propagate. Preventing computer viruses from infecting an organization's computer(s) or network is a top priority for cybersecurity teams.

The Voluntary Product Accessibility Template (VPAT) is a reporting format that assists Federal contracting officials and other buyers in assessing a product's level of availability and conformance with Section 508 technical standards of the U.S. Rehabilitation Act. Federal agencies are required when purchasing information technology/electronics to make the product/service accessible to employees with disabilities.

A small object used as a cover for webcams on monitors, laptops, tablets, and phones to prevent potential unauthorized parties from being able to see. This is useful in case someone gains unauthorized access to your webcam.

A phishing attack that targets high-value individuals of an organization or company (i.e. CEO, CFO, CISO, CTO, CIO, etc.) through social engineering.

An exploit for a vulnerability with no currently available or known patch yet. On the first day a resolution (patch) becomes available, it will be "day one".

According to studies, over 30% of all support tickets are related to password resets/forgotten passwords.

Touchless, contactless, passwordless 2FA with continuous authentication. One key for all your passwords. Experience fully automated login and security. Instant 2FA, auto-OTP, password manager and worry-free workflow with proximity-based privileged access management for Windows 10, 8, 7, macOS, desktop applications, and websites.

Download the free Android app.

Proximity-based passwordless 2FA

Active Directory integration with admin console

Automatic lock for all workstations

Continuous authentication password manager

Automatic OTP on websites for 2FA

Wireless login for PC, Mac, web, and software

or call 240-547-5446