Shareholder Authentication

Glossary

  • Salting and Hashing

    The process of adding complexity and uniqueness to a user’s password. This is accomplished by adding characters to, or “salting,” the password, then applying a “hashing” algorithm (e.g., SHA-512 or bcrypt) that generates a long, unique string of characters and is designed to be irreversible.

  • Sidejacking Attack

    An attack in which a fraudster copies a cookie that has been placed on a user’s computer by a website, and subsequently uses that cookie to impersonate the user (and to fool the website into treating the fraudster as the user). If the cookie indicates that the user’s identity has been properly authenticated by the website, the fraudster may be able to circumvent the website’s authentication procedures.

  • Single-Factor Authentication

    The use of what a user knows (e.g., a password).

  • Software Token

    A mobile phone app or similar program that performs the function of a hardware token—i.e., generates, at regular intervals (e.g., every 30 seconds), a number or code that a user must enter to complete the authentication process.

  • Spear Phishing

    A form of phishing e-mail fraud in which the fraudster specifically targets particular individuals. Compare with “phishing.”

  • Spoofing

    In this context, “spoofing” refers to a fraudster’s falsification of device characteristics in order to fool a fund group. Examples include “spoofing” the Caller ID of a legitimate shareholder, or the IP address of a legitimate shareholder’s computer or other device.