Glossary / Dictionary

Glossary of terms and definitions for IT (Information Technology), the Internet and cyber security.

This glossary provides more than 480 clear and concise definitions of commonly used terms in the fields of information technology, the internet, and cyber security. It is designed to support users of all levels in understanding key concepts, technical jargon, and acronyms frequently encountered across digital platforms and security-related discussions. Whether you are a business owner, student, professional, or simply interested in the digital landscape, this resource aims to enhance your knowledge and confidence in navigating the ever-evolving world of technology.



Credentials

The authentication information used to verify a user's identity, typically consisting of a username and password, and sometimes additional factors.

Example: Accessing the university's student portal requires entering valid credentials, including a student ID and password.

See also: Username, Password



Compromised Credentials

A username and password that have been stolen or exposed, allowing unauthorised access to accounts.

Example: Hackers use compromised credentials from a data breach to log into victims' email accounts.



Authentication

The process of verifying the identity of a user, system, or device, typically using credentials such as passwords, biometrics, or security tokens, to grant access to secure systems or information.

Example: Logging into your email by entering a username and a password.

See also: Credentials, 2FA, MFA



Credential Stuffing

A type of cyber attack where attackers use large sets of stolen username and password combinations, often obtained from previous data breaches, to gain unauthorised access to multiple online accounts. This attack exploits the common practice of people reusing the same credentials across different platforms and services.

Example: After acquiring a database of stolen login credentials from a breached e-commerce website, attackers attempt to access users' social media and banking accounts using the same email and password combinations.



Digital Identity

A set of attributes and credentials that represent a person or entity online.

Example: Her digital identity includes her email, username, and biometric data.



Eavesdropping Attack

An attack where a hacker intercepts private communications, such as emails or phone calls, to steal sensitive information.

Example: An attacker uses a packet sniffer to capture login credentials sent over an unencrypted Wi-Fi network.



Login

The process of gaining access to a computer or network by entering credentials.

Example: He entered his username and password to log in.



Malware

A general term for any malicious software designed to damage, disrupt, or exploit computers, networks, or data. Types include viruses, worms, ransomware, and spyware.

Example: A user downloads some free software from an unofficial website, unknowingly installing malware that tracks their keystrokes and steals their login credentials.



MitM (Man-in-the-Middle) Attack

An attack where a cybercriminal intercepts and possibly alters communication between two parties without their knowledge.

Example: An attacker intercepts data transferred between your laptop and a public Wi-Fi network, stealing login credentials for your email.



OAuth

An open standard for access delegation, allowing secure access to resources without sharing passwords.

Example: A user grants a project management app permission to access their cloud storage account using OAuth, enabling the app to fetch and display relevant files without requiring the user's login credentials.



Pharming

A cyber attack that redirects users from legitimate websites to fraudulent ones to steal personal information. Unlike phishing, pharming can occur even if the user types the correct URL.

Example: You enter your bank's web address, but malware on your device redirects you to a fake version of the site, prompting you to enter your login credentials.



Pretexting

A social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into divulging confidential information.

Example: An attacker calls an employee, claiming to be from IT support, and convinces them to share their login credentials to "fix a technical issue."



Purple Team

A group of cyber security professionals that integrates the functions of both the Red Team (attackers) and Blue Team (defenders) to enhance an organisation's security posture. The Purple Team facilitates collaboration and information sharing between the Red and Blue Teams to identify vulnerabilities, improve defences, and ensure effective threat mitigation. Their role is to ensure that offensive testing (Red Team) directly informs defensive strategies (Blue Team).

Example: After the Red Team conducts a simulated phishing attack and successfully compromises user credentials, the Purple Team helps the Blue Team improve email filtering and employee training to prevent future incidents.

See also: Red Team, Blue Team



Script

A set of instructions written for a program to automate tasks.

Example: The login script checks user credentials against a database.