Account Authentication & Password Security Flashcards
Front
Authentication
Back
The process of verifying a user's identity before granting access to a system or resource. Authentication can rely on something you know, something you have, or something you are.
Front
Password Strength
Back
A measure of how resistant a password is to guessing and cracking attacks. Strength depends on length, complexity, unpredictability, and avoidance of common patterns or dictionary words.
Front
Passphrase
Back
A sequence of words or a sentence used as a password to increase memorability and entropy. Passphrases are typically longer than passwords and offer better resistance to brute-force attacks when well chosen.
Front
Two-factor Authentication
Back
A security method requiring two different types of credentials from independent categories to verify identity. Common implementations combine a password plus a one-time code from a device or app.
Front
Multi-factor Authentication
Back
An authentication approach that requires two or more independent credentials from categories like knowledge, possession, and inherence. MFA significantly reduces the risk of unauthorized access compared with single-factor methods.
Front
Password Manager
Back
A tool that securely stores and manages passwords, often generating strong unique credentials for each account. Password managers reduce reuse of passwords and help users maintain complex secrets without memorization.
Front
Hashing
Back
A one-way cryptographic function that converts data (like a password) into a fixed-length value called a hash. Hashing is used to store passwords securely so the original password cannot be easily recovered from the hash.
Front
Salt
Back
Random data added to a password before hashing to ensure identical passwords produce different hashes. Salting defends against precomputed attacks like rainbow tables and makes large-scale cracking more difficult.
Front
Brute-force Attack
Back
An attack that tries every possible password combination until the correct one is found. The time required grows exponentially with password length and complexity, so long, complex passwords greatly mitigate this threat.
Front
Dictionary Attack
Back
A password-cracking method that tries a list of likely passwords or words rather than all combinations. It is effective against weak or commonly used passwords and can be enhanced with common substitutions and patterns.
Front
Phishing
Back
A social engineering technique where attackers trick individuals into revealing credentials or sensitive information, often using fraudulent emails or websites. Phishing defenses include user education, email filtering, and two-factor authentication.
Front
Social Engineering
Back
Manipulative techniques used to exploit human psychology to gain unauthorized access or information. Social engineering often bypasses technical controls by targeting trust, fear, or urgency.
Front
Biometrics
Back
Authentication methods that rely on physical or behavioral traits like fingerprints, facial recognition, or voice patterns. Biometrics can be convenient but raise privacy and spoofing concerns, and compromised biometric data cannot be changed like a password.
Front
Session Management
Back
Mechanisms that maintain and secure a user's authenticated state after login, typically using cookies or tokens. Proper session management includes expiration, secure storage, and protection against hijacking or fixation attacks.
Front
Single Sign-On
Back
An authentication scheme allowing a user to access multiple applications with one set of credentials. SSO improves usability but centralizes risk, so it must be combined with strong authentication and monitoring.
Front
OAuth
Back
An open standard for delegated access that allows applications to act on behalf of a user without sharing the user's password. OAuth issues tokens with specific scopes and lifetimes to limit access.
Front
Account Recovery
Back
Processes that let users regain access to their accounts when they forget credentials, typically via email, phone, or security questions. Secure recovery must balance usability with protections against takeover by attackers.
Front
Transport Layer Security
Back
A protocol (TLS) that encrypts data in transit between clients and servers to prevent eavesdropping and tampering. Properly configured TLS is essential for protecting credentials submitted during sign-in.