Term · 2. Authentication & Authorization
Authentication Information
Definition
Data the principal uses to prove identity during authentication — passwords, OTP codes, biometric templates, FIDO2 credentials, certificates, security tokens. Must be protected at rest (hashing/encryption) and in transit (TLS). Compromise of authentication information enables impersonation attacks.
Application
Storage best practices: bcrypt/Argon2 for password hashes, hardware-backed biometric templates (Secure Enclave, TPM), per-credential salts, no plaintext logging. NIST SP 800-63B prohibits storing reversible password forms.
Related terms
- Authentication (AuthN): Process of verifying that a principal is who they claim to be. Three classic factors: knowledge (password, PIN), possess …
- Credential: Data presented to authenticate or authorize — password, token, certificate, biometric, API key. NIST SP 800-63 distingui …
- Identity Provider (IdP): System that authenticates users and issues identity assertions (SAML responses, OIDC ID tokens) to relying parties. Cent …
- Kerberos: Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- Least Privilege Principle (LPP): Security principle dictating that subjects receive only the minimum privileges necessary to perform their function, for …
- Liveness Detection: Anti-spoofing technique in biometric authentication that verifies the biometric sample comes from a live human, not a ph …