Authentication Methods
Multifactor Authentication
Federation & Identity Providers
Account Management
Access Control Schemes
100

What is a password?

This is the most common means of authentication, but it can be stolen and is susceptible to brute-force attacks.

100

What are authentication types?

SFA requires only one type of authentication factor.
MFA requires at least this many different types of authentication factors.

100

What is an Identity Provider (IdP)?

This type of organization manages the lifecycle of digital identities and handles authentication.

100

What is provisioning (or onboarding)?

This process creates user accounts and assigns resources, permissions, and attributes.

100

What is least privilege?

This principle states that accounts should only receive the minimum permissions necessary for their role.

200

What is length?

This NIST recommendation emphasizes this characteristic of passwords over complexity requirements.

200

What is "something you have"?

This factor category includes smartcards, USB tokens, and security keys.

200

What are Service Providers (SPs) or Relying Parties (RPs)?

These entities provide services to users whose identities have been attested to by an IdP.

200

What is deprovisioning?

This process removes accounts, permissions, and related data when they're no longer needed.

200

What is Discretionary Access Control (DAC)?

In this access control scheme, file owners can delegate rights and permissions as they desire.

300

What are biometric factors (or something you are)?

These authentication factors include fingerprints, retina scans, and voice prints.

300

What is Time-Based One-Time Password?

TOTP stands for this type of one-time password generation method. Examples include Google Authenticator and Microsoft Authenticator.

300

What is attestation?

This formal verification confirms that something is true, such as a user being who they claim to be.

300

What is permission creep?

This occurs when users accumulate broader permissions over time that may not match their current role.

300

What is Mandatory Access Control (MAC)?

This access control relies on the operating system to enforce controls set by a security policy administrator.

400

What is passwordless authentication?

This type of authentication uses hardware devices like security keys and eliminates the need for passwords entirely.

400

What is FRR (False Rejection Rate)?

This is the false rejection rate in biometric systems, also called a Type I error.

400

What are SAML and OpenID Connect?

These two protocols are commonly used for federated authentication in cloud environments.

400

What are ephemeral accounts?

These temporary accounts have limited lifespans and are often used for guests or specific purposes.

400

What is Role-Based Access Control (RBAC)?

This access control system uses job functions matched with appropriate privileges and permissions.

500

What is FIDO2?

This standard uses key pairs and supports both W3C Web Authentication and CTAP protocol.

500

What is MFA fatigue (or push notification bombing)?

This attack method overwhelms users with repeated validation requests until they enter an OTP to make requests stop.

500

What is OAuth?

This protocol is specifically used to handle authorization of access to protected resources in federated systems.

500

What are Just-in-Time (JIT) permissions?

This PAM feature grants and revokes permissions only when needed, requiring users to "check out" access.

500

What is Attribute-Based Access Control (ABAC)?

This flexible access control scheme uses policies driven by user characteristics and can create complex rulesets.
