DynaPass Authentication Glossary



Authentication

Authentication, or user authentication, is the process of verifying a user's identity. A simple example is logging into one's email, which requires only a static username and password. A stronger method is two-factor or multi-factor authentication, which may use a standard ID and password in addition to a second factor, such as a security token or a biometric factor such as a fingerprint.

See DynaPass Two-factor Authentication

Authentication Token

During multi-factor and two-factor authentication, a device may be used to generate a one-time password or to receive one. Known as an authentication token, and ranging from a proprietary device to an ordinary mobile phone, these tokens are used for out-of-band authentication. The token is often mentioned when discussing the cost of authentication security, because of the expense of producing hardware and of network usage. The downsides of tokens are that they can be misplaced, stolen or broken.

See DynaPass Two-Factor Authentication

Basic Authentication

Basic Authentication is the simplest form of authentication; it uses only a username and password to identify a user. This is often very insecure, since usernames and passwords can be easily obtained by man-in-the-middle and other forms of cyber attack.

See DynaPass Two-factor Authentication

Biometric Authentication

Biometric authentication is when biological measurements, such as the distances between mapped points on a fingerprint or in the retina, are used as identifying factors while authenticating a user. In multi-factor and two-factor authentication, biometrics are considered the "something you are" factor. However, the high cost of this type of authentication, along with the nature of scanning, makes it less desirable.

See DynaPass Two-Factor Authentication

Digital Signature

A digital signature validates that a digital message or document is authentic and came from the original sender, usually through the use of a public/private key system. The sender uses the private key to encrypt the hash of the message, and only the corresponding public key can decrypt it; the receiver decrypts the signature and recomputes the hash of the message, and if the two hashes match the message is validated. Likewise, only the private key can decrypt a message encrypted with the corresponding public key. Digital signatures are considered the equivalent of a handwritten signature, and anyone who signs a message with a digital signature cannot repudiate the fact that they sent it.

Mobile Authentication

Any authentication solution that delivers a factor of the identification process through a mobile device is using mobile authentication. This could be a one-time password transmitted by SMS text message or even by email. An application on a mobile device that generates an OTP offline is also considered mobile authentication.

See DynaPass Two-Factor Authentication

Multi-Factor Authentication

A method of authentication that requires two or more forms of evidence used to identify a person. One form of evidence may be something the user knows, such as a password or PIN. A second form of evidence may be something the user has, such as an ATM card or mobile device. The third may be biometric data such as a fingerprint. Two-factor authentication is considered multi-factor authentication since it uses more than one factor for verification.

See DynaPass Two-factor Authentication

One-Time Password (OTP)

A one-time password (OTP) is a password that is valid for only one session or transaction. Unlike traditional static passwords, one-time passwords are not vulnerable to replay attacks: if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he or she will not be able to use it again, since the password is no longer valid. One-time passwords are generated randomly, which makes them hard to predict. There are different ways to make the user aware of an OTP. Some systems use electronic tokens that the user carries, which generate a one-time password and show it on a small display. Other systems rely on software that runs on the user's mobile phone, and there are systems that generate one-time passwords on the server side and then send them to the user over an out-of-band channel such as SMS messaging.

See DynaPass Two-Factor Authentication
See DynaPass One-time Password
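The two OTP styles the entries above describe (a token or phone app that generates codes, and a server that generates a code and sends it out-of-band) as an added example; this is illustration code, not DynaPass's product or any code from the original page. The token side uses HOTP from RFC 4226 with the standard library only; the `TokenVerifier`, `OutOfBandOtp` class, the look-ahead window of 5 and the 120-second lifetime are assumptions made for the example, and the secret and user names are constructed sample values. The point it shows beyond the prose is what "valid for only one session" means on the server: every accepted code advances a counter or is deleted, so the same code presented twice is rejected.

```python
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server side of a counter-based token (assumed design): each counter value is accepted once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0                # next counter value the server expects
        self.look_ahead = look_ahead    # tolerate a few button presses that were never submitted

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1    # consume it: replaying this code now fails
                return True
        return False


class OutOfBandOtp:
    """Server-generated random OTP for SMS/e-mail delivery (assumed design): single-use and time-limited."""

    def __init__(self, ttl_seconds: int = 120, digits: int = 6):
        self.ttl = ttl_seconds
        self.digits = digits
        self.pending = {}               # user -> (code, expiry timestamp)

    def issue(self, user: str, now: float = None) -> str:
        now = time.time() if now is None else now
        code = str(secrets.randbelow(10 ** self.digits)).zfill(self.digits)
        self.pending[user] = (code, now + self.ttl)
        return code                     # would be handed to the SMS or e-mail gateway

    def redeem(self, user: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        entry = self.pending.pop(user, None)   # removed on first attempt: one code, one try
        if entry is None:
            return False
        expected, expiry = entry
        return now <= expiry and hmac.compare_digest(expected, code)


if __name__ == "__main__":
    # RFC 4226 test secret, shared between the token and the server
    token_secret = b"12345678901234567890"
    server = TokenVerifier(token_secret)
    first = hotp(token_secret, 0)                     # the token's first displayed code
    print("accepted:", server.verify(first))          # True
    print("replayed:", server.verify(first))          # False

    sms = OutOfBandOtp(ttl_seconds=120)
    code = sms.issue("alice")                         # constructed user
    print("redeemed:", sms.redeem("alice", code))     # True
    print("replayed:", sms.redeem("alice", code))     # False
```

The counter-based verifier accepts a code slightly ahead of its expectation (the look-ahead window) but never one behind it, which is how a lost or skipped token press is tolerated without letting an observed code be reused. The out-of-band variant deletes the pending code on the first redemption attempt, so a guessed or captured code cannot be tried repeatedly within the lifetime.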

Out-of-Band Authentication

Authentication that transmits an identification factor over a separate network is considered out-of-band. An example is two-factor authentication for an online banking account: when the account holder logs into the bank's website from their home computer with traditional login credentials, a one-time password may be delivered to their mobile phone by SMS text message. This mobile OTP is an out-of-band authentication solution because it travels over the cellular carrier's network rather than the network over which the login connection was established.

See DynaPass Two-Factor Authentication

Pass Code

A pass code differs from a password in that it is numeric only. The most common pass code, used by almost everyone, is the PIN for an ATM; a personal identification number is purely numeric. Pass codes do not offer a high level of security, because brute-force cracking of a numeric-only code is much easier.

See DynaPass Two-Factor Authentication

Security Token

An authentication device often used as a second factor (something the user has) to verify a person's identity. Some businesses, such as banks or online subscription services, give users a USB device to attach to their computer, or a device that generates a one-time password to be used when logging into an application or website.

See DynaPass Two-factor Authentication

Strong Password

Not all passwords are created equal, and a weak password can be easy to hack or crack. A strong password can protect against hacker attacks and social engineering by being longer than usual and using mixed case, symbols and numbers. Breaking up whole words and using both cases also makes a password more secure. For example, the password "authentication" could be cracked fairly easily, whereas the password "Auth3nticati0n$" would be extremely difficult to hack, crack or guess from personal information, making it a strong password.

See DynaPass Two-Factor Authentication

Two Factor Authentication – Dual Factor Authentication (2FA)

Two Factor Authentication (TFA or 2FA), also called strong authentication, is a security process that requires two independent mechanisms for authentication. Two factor authentication implies the use of two of the three factors to assert an entity's identity to another entity. The three factors are: something you know, like a Personal Identification Number (PIN); something you have, like an ATM card or a mobile device for receiving a one-time password; and something you are, like a face scan, iris scan or fingerprint. Two factor authentication is generally used in computer authentication where a stronger means of authentication is needed to protect sensitive data. For example, electronic personal health information (ePHI) on a computer accessed by many different individuals can be exposed, resulting in HIPAA violations and fines for the medical institution. Two factor authentication can be used in these cases to reduce the probability of an unauthorized user accessing this information.

See DynaPass Two-Factor Authentication

Two Factor Authentication Token

In two-factor authentication that uses "something you have," the two-factor authentication token is a physical item the user possesses, such as a USB token or a smart card. A commonly used two-factor authentication token is a USB token that the user plugs into a computer's USB port to authenticate. Two-factor authentication tokens can be useful for organizations whose employees need to access company data held in different forms, such as websites and company applications, where a token is easier and more convenient to use than remembering multiple static passwords.

See DynaPass Two-Factor Authentication

User Authentication

User authentication refers to identifying a user or entity and verifying that they are allowed access to a restricted resource. The most common way of identifying a user is through a username and static password. Sometimes the term refers to the CAPTCHA process of verifying that a user is human. In network security, user authentication refers to identifying a user together with the level of authorization their account may receive.

See DynaPass Two-Factor Authentication

Web Access Management

Web access management refers to the security controls used to identify a remote user and authorize their access. The process begins with authentication of the user according to a policy. The system will then usually log the user's access for reporting and auditing, and optionally provide single sign-on to other applications.

See DynaPass Two-Factor Authentication