Authentication and Tokens in Digital Security

To verify the identity of a person requesting access to a digital resource

To create new digital resources

To delete user accounts

To monitor network traffic

A digital key used to access protected data

A type of computer virus

A physical security device

A backup storage device

Tokens have expiry dates

Tokens are encrypted with passwords

Tokens are only used once

Tokens cannot be copied

Authentication verifies identity, while authorisation grants access to resources

Authentication grants access, while authorisation verifies identity

Both terms mean the same thing

Authentication is only used for physical security

The token given by the server

Their full login credentials again

A new password

A physical key

An open standard for authorisation of applications and devices that uses tokens rather than credentials to verify access requests.

A method for encrypting data between two devices.

A programming language for web development.

A hardware device for secure login.

To provide a JSON-based authentication service.

To redirect access requests to a central authentication server using XML.

To encrypt messages between users.

To store user passwords securely.

OpenID requires users to create a new password for every website.

OpenID allows users to use an existing account to sign in to multiple websites.

OpenID is only used for mobile applications.

OpenID stores passwords on every website you visit.

Because your password is given to every website you visit.

Because your password is only given to your identity provider, and no website ever sees your password.

Because OpenID requires you to change your password frequently.

Because OpenID stores your password in your browser.

SAML, because it is used for encrypting emails.

OAuth2, because it allows authorisation using tokens from existing accounts.

OpenID, because it requires users to create new passwords.

SAML, because it is a JSON-based authentication service.