Skip to content

Instantly share code, notes, and snippets.

@AlexFilipin

AlexFilipin/terminology.csv

Last active April 14, 2020 16:41
Show Gist options
  • Save AlexFilipin/323f31eb792c14c100248a52a1354770 to your computer and use it in GitHub Desktop.
Save AlexFilipin/323f31eb792c14c100248a52a1354770 to your computer and use it in GitHub Desktop.
Download ZIP
Authentication Methods
Raw
terminology.csv
Authentication Method Vulnerable to breach replay or password spray attacks? Vulnerable to phishing? Vulnerable to physical theft? All secrets sent over the network? Terminology suggestion
Password alone Yes Yes N/A Yes TBD
Password + OTP via email No Yes Yes, if device offers unsecured access to email Yes TBD
Password + OTP via SMS No Yes Yes, if device offers unsecured access to SMS Yes TBD
Password + OTP via soft stoken No Yes Yes, if device offers unsecured access to soft token Yes TBD
Password + OTP via hard token No Yes Yes Yes TBD
Password + Approval of push notification No Yes Yes, if device offers unsecured access to approve No, it uses public-key cryptography TBD
Password + Smartcard No ? ? ? TBD
Password + FIDO CTAP authenticator [U2F or FIDO2] (Remoable e.g. security key or built-in e.g. Windows Hello) No No, challenging origin is checked No, unlocking the authenticator requires PIN or biometrics by standard No, it uses public-key cryptography TBD
Passwordless public-key cryptography [e.g. Microsoft Authenticator phone sign-in for MSA and AAD] No Yes No, unlocking the authenticator requires PIN or biometrics No, it uses public-key cryptography TBD
Passwordless FIDO2 [e.g. Microsoft account sign-in using a security key or Windows Hello] No No, challenging origin is checked No, unlocking the authenticator requires PIN or biometrics by standard No, it uses public-key cryptography TBD
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment