Your Map to Account Security Jargon

Security writing is full of acronyms and terms that assume you already know the other terms. This glossary fixes that: plain definitions of the concepts that actually matter for protecting your accounts, each linking to a full explainer if you want to go deeper. Bookmark it as your reference, and use our free 2FA tools to see many of these ideas in action.

Authentication Basics

Passwordless and Strong Auth

  • Passkey: A phishing-resistant login using cryptographic keys on your device instead of a password.
  • FIDO2 / WebAuthn: The open standards that make passkeys and security keys work.
  • Hardware Security Key: A physical device (like a YubiKey) that proves your identity, immune to phishing.
  • Magic Link: Passwordless login via a one-click emailed link.
  • Biometrics: Fingerprint, face, or other physical traits used to unlock access.

Passwords and Cryptography

  • Passphrase: A password made of multiple random words, long and memorable.
  • Entropy: The measure of password unpredictability, in bits.
  • Hashing: Turning data into a one-way fingerprint, used to store passwords safely.
  • Salt: Random data added before hashing so identical passwords hash differently.
  • SHA-256 / MD5: Hash algorithms; SHA-256 is secure, MD5 is broken for security.
  • Base32 / Base64: Encodings that represent data as text; Base32 carries 2FA secrets.

Threats and Attacks

Concepts and Infrastructure

  • HTTPS / TLS: The encryption behind the padlock in your browser.
  • End-to-End Encryption (E2EE): Only sender and recipient can read the content.
  • VPN: An encrypted tunnel that hides your traffic from the local network.
  • OAuth / SSO: "Sign in with Google" style delegated login.
  • Zero Trust: The "never trust, always verify" security model.
  • Device Fingerprinting: Identifying a device by its unique configuration.
  • Recovery Email: The address used to regain access, and the master key to your accounts.
  • otpauth URI: The text format inside every 2FA QR code.

Where to Start

If this list is overwhelming, start with three actions that cover 90% of real risk: enable 2FA on your important accounts, use unique passwords from a manager (our generator helps), and learn to spot phishing. Everything else in this glossary builds on those foundations.

Frequently Asked Questions

What are the most important terms for a beginner?

2FA, phishing, and password manager. Understand those three and you can act on the biggest risks immediately. The rest deepen your understanding but aren't prerequisites to being significantly safer today.

What's the difference between authentication and encryption?

Authentication proves who you are (logging in); encryption protects data so others can't read it (HTTPS, E2EE). They solve different problems and often work together: you authenticate to a service over an encrypted connection.

Which of these should I actually set up?

2FA on email, banking, and social accounts; a password manager with unique passwords; and passkeys or hardware keys on your most critical accounts. Those concrete steps, drawn from the terms above, are what move the needle. Our account security guide sequences them.

Is this glossary complete?

It covers the terms that matter for everyday account security, the ones you'll actually encounter. Security is a vast field, but these are the concepts that protect your logins, money, and identity. Each links to a fuller explanation when you want more depth.

How do I keep up as new terms appear?

The fundamentals here change slowly; new terms usually recombine these basics. Understanding the core (factors, phishing, hashing, keys) lets you decode new jargon as it appears. Bookmark this page as your anchor.

Shoyeb Akter

Written by

Security Tools Developer and creator of 2FA Fast — a privacy-first browser-based authenticator and security tools platform.