Definitions for Common Password Security Terms

Like anything to do with computers, password management has its share of jargon. To avoid cluttering up my posts on password management, these terms are defined here.

AES – Advanced Encryption Standard, a widely used encryption standard adopted by the U.S. Government in 2001. This terrific cartoon is a great tutorial on the inner workings of AES.

Average Joe – American idiom that means a typical person. FilterJoe aims to help typical people (the average Joe) learn key skills for the information age regardless of computer skill level, gender, ethnicity, or nationality.

Encryption – Encryption is the process of transforming information into a form that is unreadable by anyone who does not possess the key. Information encrypted on a computer with AES cannot be read without the key; in a password manager that key is derived from a password (see Master Password below).

Keystroke Logger – Keystroke logging, or keylogging, is the action of tracking (logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. A keystroke logger running on a computer can capture any password typed on it, including a master password.

Malware – Malicious software designed to infiltrate a computer without the owner’s informed consent. Malware includes computer viruses, worms, trojan horses, spyware, rootkits, keystroke loggers, and other malicious and unwanted software.

Master Password – Password managers typically use a user-selected master password or passphrase to form the key used to encrypt the protected passwords. This master password must be strong, because a compromised master password exposes every protected password at once. How to select a master password is discussed here.

Password Manager – Desktop or cloud-based software that stores user names and passwords, encrypted under a master password. Also known as password management software.

Phishing – In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging.

Sync, synch, or syncing – Keep data identical in two or more locations. Short for file synchronization.

Tabnapping (also written tabnabbing) – A combination of the words “tab” and “kidnapping” that describes a type of phishing attack. A web page that is already open in a background tab uses its own script to quietly rewrite itself, changing its title, icon, and contents to imitate a login page, then collects the username and password when they are entered. No malware on the computer is needed; the attack lives in the page. For example, a user wants to log in to her Facebook account and sees an open Facebook tab. She clicks on the tab, and seeing that she needs to log in, she types her user name and password. She thought it was a tab she had left open, but it turns out the page in that tab had changed itself to look like Facebook, and it collects her username and password as she enters them. A password manager that only fills credentials on the site they were saved for will refuse to fill here, because the imitation page lives at a different web address.
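The check that defeats both phishing and tabnapping pages is the one a password manager makes before filling a saved login: does the page’s origin (scheme, host and port) match the origin the login was saved on? The following is an added example in JavaScript, not code from this post or from any particular password manager; the names savedLogins, originOf, shouldFill and pickLogins are assumptions, the vault entries are constructed sample data, and only Node’s built-in URL class is used.

```javascript
// Added example (not from the original post): the origin check a password
// manager makes before filling a saved login. Assumed names: savedLogins,
// originOf, shouldFill, pickLogins. Uses only Node's built-in URL class.

// Constructed sample vault. Each entry remembers the exact origin it was
// saved on (scheme + host + port), not merely a brand name or a title.
const savedLogins = [
  { site: "https://www.facebook.com", user: "alice", password: "correct horse" },
  { site: "https://online.bank.example:8443", user: "alice", password: "battery staple" },
];

// Reduce a URL to its origin. Throws on unparseable input; callers treat
// that as "do not fill".
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`; // host keeps a non-default port, drops a default one
}

// Fill only when the origins match exactly. A page that merely looks like
// Facebook, or that sits at facebook.com.evil.example, has a different origin,
// and so does a plain-http copy of the real site.
function shouldFill(savedSite, currentUrl) {
  try {
    return originOf(savedSite) === originOf(currentUrl);
  } catch {
    return false; // malformed URL: never guess
  }
}

// Return the vault entries eligible for the page now in the tab (possibly none).
function pickLogins(vault, currentUrl) {
  return vault.filter((entry) => shouldFill(entry.site, currentUrl));
}

// Example usage: the tabnapped page imitates Facebook but lives elsewhere.
pickLogins(savedLogins, "https://www.facebook.com/login.php");          // one entry
pickLogins(savedLogins, "https://www.facebook.com.evil.example/login"); // none
pickLogins(savedLogins, "https://www.facebook.com@evil.example/");      // none
```

Exact-origin matching is the strictest policy; many real products also fill on other hosts under the same registered domain (for example m.facebook.com for a login saved on www.facebook.com). That relaxation must be done on the parsed host, never by searching the address for a brand name, or the lookalike hosts above would slip through.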

Two-Factor Authentication – Two-factor authentication requires two different “factors” to validate who you are. This can be done using any two of the three “factors” below:

  • Something you know: password, birthday, government ID#
  • Something you have: bank card, passport, key
  • Something you are: finger print, eye, DNA

A popular use of two-factor authentication is withdrawing cash from an ATM, which requires both a card and a PIN. Some password managers can be set up with two-factor authentication for the master password, requiring both the password (something you know) and a USB stick (something you have) before the stored passwords can be unlocked.

Virtual Keyboard – An on-screen keyboard that allows a user to enter characters by clicking them with the mouse. Virtual keyboards can be used to reduce the risk of keystroke logging, because no real keystrokes are sent for the malware to record. They are a mitigation rather than a guarantee: malware that captures screenshots or mouse clicks can still recover what was entered.

Author: Joe Golton

I’m a dad with a son who loves baseball. Professionally, I’ve been a software developer, investor, controller, and logistics manager. I now make my living from this blog, supplemented with occasional consulting gigs.