PCI-DSS Identity Requirements

PCI-DSS (Payment Card Industry Data Security Standard) v4.0 mandates specific identity and access controls for organizations that handle payment card data — including MFA for.

Passkeys

Passkeys are a FIDO2-based replacement for passwords — cryptographic credentials tied to a specific website or app, stored on the user's device (iPhone, Android, laptop).

Pass-the-Hash

Pass-the-Hash (PtH) is a credential theft attack where an attacker captures the hashed version of a password from memory (without cracking it) and uses the.

Overprivileged Identity

An overprivileged identity is a user, service account, or machine identity that holds more permissions than required for their actual job function — creating unnecessary.

Orphaned Accounts

Orphaned accounts are user accounts or identities (human or non-human) that remain active in a system despite no longer having a valid owner, purpose, or.

Offboarding

Offboarding is the process of revoking all system access, deactivating accounts, recovering devices and credentials, and removing entitlements for employees, contractors, or partners who are.

OAuth Token

An OAuth token is a bearer credential issued through the OAuth 2.0 framework (an opaque string or a signed JWT, depending on the authorization server) that grants an application access to specific resources on behalf of a.

Non-Human Identity

A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication — representing applications, services, bots, scripts, CI/CD pipelines, cloud workloads, or.

mTLS

Mutual TLS (mTLS) is a TLS configuration in which both the client and the server authenticate each other with X.509 certificates — unlike regular TLS where only.
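The following Go program is an added example, not part of this glossary, showing the mechanism in the mTLS entry end to end: it mints a throwaway CA, a server certificate and two client certificates in memory, starts an HTTPS server with `tls.RequireAndVerifyClientCert`, and then connects three times (valid client certificate, no certificate, certificate from a CA the server does not trust). Every name in it (demo-internal-ca, api.internal, billing-service, rogue-ca) is made up for the demo; only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// check panics on setup errors (key generation, issuance); they are not the point here.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes an in-memory P-256 key and certificate for cn. With parent nil the
// cert is self-signed (a throwaway CA for this demo); otherwise parent signs it.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // httptest serves on 127.0.0.1
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// get does one HTTPS GET. roots is what the client trusts for the server side;
// certs is what it presents when the server asks (none = decline to authenticate).
func get(url string, roots *x509.CertPool, certs ...tls.Certificate) (string, error) {
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, Certificates: certs}}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// RunDemo starts an in-process HTTPS server that requires and verifies client certificates,
// then connects with a valid, a missing, and a foreign-CA identity; it returns what each saw.
func RunDemo() (valid string, noCert, wrongCA error) {
	ca, caKey := issue("demo-internal-ca", true, nil, nil)
	serverCert, serverKey := issue("api.internal", false, ca, caKey)
	clientCert, clientKey := issue("billing-service", false, ca, caKey)
	rogueCA, rogueKey := issue("rogue-ca", true, nil, nil) // same CN below, untrusted issuer
	rogueCert, rogueCertKey := issue("billing-service", false, rogueCA, rogueKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Reached only after the handshake verified the client chain, so the CN is an authenticated identity.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{serverCert.Raw}, PrivateKey: serverKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the mTLS switch; the default is NoClientCert
		ClientCAs:    trusted,                        // issuers whose client certs are accepted
	}
	srv.StartTLS()
	defer srv.Close()
	valid, err := get(srv.URL, trusted, tls.Certificate{Certificate: [][]byte{clientCert.Raw}, PrivateKey: clientKey})
	check(err)
	_, noCert = get(srv.URL, trusted)
	_, wrongCA = get(srv.URL, trusted, tls.Certificate{Certificate: [][]byte{rogueCert.Raw}, PrivateKey: rogueCertKey})
	return valid, noCert, wrongCA
}

func main() {
	fmt.Println(RunDemo())
}
```

The valid client gets a response naming the CN from its own certificate; the client that presents nothing and the client whose certificate chains to a CA missing from `ClientCAs` both receive a TLS alert. Two things worth noticing: the server-side policy is a single field (`ClientAuth`, which defaults to `NoClientCert`, so a server that merely has `ClientCAs` set is not doing mTLS), and under TLS 1.3 the rejection reaches the client on its first read after the handshake rather than from the handshake call itself, which is why the demo asserts on the request error rather than on a handshake error.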

Microsegmentation

Microsegmentation is a network security technique that divides the data center or cloud environment into small, isolated segments — controlling traffic between workloads at a.