
Glossary
This is the Glossary for Totem’s Secure Passwords course

Account recovery questions: A set of specific questions used to verify that you are in fact the owner of an account.

Attacker (or Adversary): Someone who wants to undermine your security goals.

Brute force attack: In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

Ciphertext: Encrypted text. Plaintext is what you have before encryption, ciphertext is the encrypted result.

Cloud (storage): Data centers available to many users over the Internet that provide data storage and computing power, without direct active management by the user. Large clouds often have functions distributed over multiple locations from central servers.

Computer: A device, usually electronic, that processes data according to a set of instructions. The digital computer stores data in discrete units and performs arithmetical and logical operations at very high speed.

Data: Individual facts, statistics or items of information.

Data breaches: Incidents where platforms and services were hacked to gain access to user data.

Device: A machine or tool used for a specific task, like a computer or a mobile phone.

Dictionary attack: A technique for defeating a cipher or authentication mechanism by attempting to determine its decryption key or passphrase, trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.

Hacking: An attempt to gain access to a computer network, system, etc. Unlike social engineering, hacking relies more on technical knowledge than psychological manipulation.

Hovering: Placing a mouse over a link without clicking.

Impersonate: To pretend to be (another person), especially fraudulently.

Internet browser: A software application for accessing information on the Internet. Each individual web page, image, and video is identified by a distinct URL, enabling browsers to retrieve and display them on the user's device. Note that an Internet (or web) browser is not the same thing as a search engine, though the two are often confused.

Password manager: A file encryption program that helps you create, store and use passwords in a secure way.

Primary key: A key that opens every one of a given set of locks. Also called passkey or (formerly) master key.

Primary password: A password that is used to access other passwords. For example, a user might store their passwords in an encrypted file that is accessed with a primary password. Password managers typically require a primary password. It is commonly recommended that primary passwords be extremely strong. Formerly known as master password.

Server: A computer that provides data to other computers. It may serve data to systems on a local area network or a wide area network over the Internet. Many types of servers exist, including web servers, mail servers, and file servers.

Social engineering: The malicious act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information. Unlike hacking, social engineering relies more on trickery and psychological manipulation than technical knowledge. 

Time-based One-Time Password (TOTP): A single-use passcode typically used for authenticating users. The user is assigned a TOTP generator delivered as a hardware key or software token (2FA app). The generator implements an algorithm that computes a one-time passcode using a secret shared with the authentication server and the current time – hence the name time-based OTP. The passcode is displayed to the user and is valid for a limited duration. Once expired, the passcode is no longer valid.