Glossary provides definitions and explanations of terms, jargon, or concepts specific to a particular field, subject area, or domain.

1. Two Factor Authentication (2FA)

A security feature that requires two types of credentials for authentication and is designed to provide an additional layer of validation, minimizing security breaches.

2. Multi-Factor Authentication (MFA)

An electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. The factors can be:

  • Knowledge is something only the user is aware of.
  • Possession is something that belongs to the user alone.
  • Inherence is a unique user characteristic, such as their biometrics.

MFA protects the user and the system they are trying to access from an unknown person trying to access their data such as personal ID details or financial assets.

3. Biometric Identification

Biometric authentication is a security process that relies on the unique biological characteristics of an individual to verify that he is who is says he is. Biometric authentication systems compare a biometric data capture to stored, confirmed authentic data in a database.

4. Presentation Attack Detection (PAD)

Biometric data, obtained either directly or covertly from a person online or through hacked systems, is sometimes used to attack a biometric system by creating spoofs or fakes. This attack might use a printed photo, an image, or video of a person on a tablet or by presenting a 3D mask or fake silicone fingerprint. A biometric spoof that is detected when presented to a biometric sensor is known as presentation attack detection (PAD).

5. Client to Authenticator Protocol (CTAP)

CTAP enables expanded use cases over previous FIDO standards. It enables external devices such as mobile handsets or FIDO security keys to work with browsers supporting WebAuthn, and also to serve as authenticators to desktop applications and web services. Identity as a Service (IDaaS) -- refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis. (SOURCE) Identity Authentication -- determines if the person is who they say they are by presenting identity documents such as a driver's license or passport that match the person presenting the document.

6. Identity Proofing

Identity proofing is a detailed authentication process that businesses use to ensure their clients are who they claim to be. To avoid data breaches and fraud, which can be costly, businesses can require multiple steps of identity verification, and identity proofing goes beyond basic authentication to add additional verification measures such as government documents, photo IDs, and personal questions.

7. Identity Management

The organizational process for identifying, authenticating, and authorizing individuals or groups of people to have access to applications, systems, or networks by associating user rights and restrictions with established identities.

8. Identity Verification

The process that determines "are you actually who you say you are" by verifying users or customers provide identity credentials associated with the identity of a real person.

9. Knowledge-Based Authentication (KBA)

The security concept relies on asking a client for personal information such as details of their last four transactions, mother's maiden name, and secret phrases, among other questions.

10. Strong Customer Authentication (SCA)

Based on the use of two or more elements categorized as knowledge (something only the user knows) such as passwords or PINs, possession (something only the user possesses) such as security tokens, and inherence (something the user is) such as fingerprints or facial biometric. These must be independent from one another, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.

11. Payment Services Directive (PSD2)

European directive designed to regulate payment processes throughout the European Union and European Economic Area.

12. Web Authentication (WebAuthn)

WebAuthn enables online services to use FIDO Authentication through a standard web API that can be built into browsers and related web platform infrastructure. It is a collaborative effort based on specifications initially submitted by the FIDO Alliance to the W3C and then iterated and finalized by the broader FIDO and W3C communities. WebAuthn was designated an official web standard in March 2019. It is currently supported in Windows 10 and Android platforms, and Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari web browsers.

13. General Data Protection Regulation (GDPR)

A legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).

14. Identity and Access Management (IAM)

Is the discipline that enables the right individuals to access the right resources at the right times for the right reasons.

IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.

15. Identity Fraud

The deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss.

16. Application Programming Interface

Computing interface which defines interactions between multiple software intermediaries. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc.

17. Software Development Kit (SDK)

A collection of software development tools in one installable package. They facilitate the creation of applications by having a compiler, debugger, and software framework.

18. Single Sign-On (SSO)

An authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

19. One Time Passwords (OTP)

Also known as a one-time PIN or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device.

20. Know Your Customer (KYC)

The mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time.

21. Passwordless Authentication

Method in which a user can log in to a computer system without entering (and remembering) a password or any other knowledge-based secret.