Authentication

Authentication and Authorization are distinct security concepts: authentication verifies identity, while authorization determines access rights. This SECMONS glossary entry explains the difference, common implementation flaws, and how misconfigurations lead to security incidents.

Brute Force and Password Spraying are credential-based attack techniques that attempt to gain unauthorized access by systematically guessing passwords. This SECMONS glossary entry explains how these attacks differ, how they are detected, and how organizations mitigate identity abuse.

Analysis of the 2023 Okta support system breach in which attackers accessed internal customer support records and authentication-related data from Okta's case management platform.

Credential access refers to attack techniques used to obtain usernames, passwords, authentication tokens, or other login secrets that allow attackers to access systems and services.

Identity and Access Management (IAM) is the cybersecurity discipline focused on managing digital identities, controlling access to systems and data, and ensuring that only authorized users and services can interact with critical resources.