Personal identification number in the context of ITU E.161

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.

In general, a password is a sequence of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).

A SIM card or SIM (subscriber identity module) is an integrated circuit (IC) in the range of a 25 MHz 32 bit CPU, and 256 KB of NVM. SIMs are intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices (such as mobile phones, tablets, and laptops). SIMs are also able to run apps and to store arbitrary information like address book contact information, and may be protected using a PIN code to prevent unauthorized use.

These SIM cards are always used on GSM phones; for CDMA phones, they are needed only for LTE-capable handsets. SIM cards are also used in various satellite phones, smart watches, computers, or cameras. The first SIM cards were the size of credit and bank cards; sizes were reduced several times over the years, usually keeping electrical contacts the same, to fit smaller-sized devices. SIMs are transferable between different mobile devices by removing the card itself.

Plastic cards usually serve as identity documents, thus providing authentication. In combination with other assets that complement the data stored on the card, like PIN numbers, they also serve authorization purposes, most often as debit or credit cards for allowing their holders to do financial transactions. Early and simpler cards feature only hard-to-imitate integrated photographs, security holograms, guillochés, or a magnetic strip on which few bytes of personal data could be stored. Today, smart cards, i.e. those equipped with an electronic chip (storage, or RFID), serve as high-security active electronic documents that allow their holder to qualify for driving cars (drivers license card), receive medical treatment (health insurance cards), do banking and more.

A stored-value card (SVC) or cash card is a payment card with a monetary value stored on the card itself, not in an external account maintained by a financial institution. This means no network access is required by the payment collection terminals as funds can be withdrawn and deposited straight from the card. Like cash, payment cards can be used anonymously as the person holding the card can use the funds. They are an electronic development of token coins and are typically used in low-value payment systems or where network access is difficult or expensive to implement, such as parking machines, public transport systems, and closed payment systems in locations such as ships.

Stored-value cards differ from debit cards, where money is on deposit with the issuer, and credit cards which are subject to credit limits set by the issuer and are connected to accounts at financial institutions. Another difference between stored-value cards and debit and credit cards is that debit and credit cards are usually issued in the name of individual account holders, while stored-value cards may be anonymous, as in the case of gift cards. Stored-value cards are prepaid money cards and may be disposed when the value is used, or the card value may be topped up, as in the case of telephone calling cards or when used as a fare card.

Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the UK and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.

Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained. According to a report done for the FTC, identity theft is not always detectable by the individual victims. Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A U.S. Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft". The report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known", but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%". For example, in one of the largest data breaches which affected over four million records, it resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.

Keystroke dynamics, keystroke biometrics, typing dynamics, or typing biometrics refer to the collection of biometric information generated by key-press-related events that occur when a user types on a keyboard. Use of patterns in key operation to identify operators predates modern computing, and has been proposed as an authentication alternative to passwords and PIN numbers.

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.

Security tokens can be used to store information such as passwords, cryptographic keys used to generate digital signatures, or biometric data (such as fingerprints). Some designs incorporate tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generation routine with some display capability to show a generated key number. Connected tokens utilize a variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth. Some tokens have audio capabilities designed for those who are vision-impaired.

Apple Pay is a mobile payment service by Apple that allows users to make payments in person, in iOS apps, and on the web. Supported on iPhone, Apple Watch, iPad, Mac, and Vision Pro, Apple Pay digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay–specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, Optic ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID, Face ID and OpticID for biometric authentication.

Apple Pay can also be used to pay fares on many public transport networks. Payment can be authorised without authentication for supported public transport networks, referred to as 'Express Mode', or by a regular authenticated Apple Pay transaction for other systems accepting contactless payments.

The FIDO (Fast IDentity Online) Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords.

FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near-field communication (NFC). The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over an insecure channel happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.

Muscle memory is a form of procedural memory that involves consolidating a specific motor task into memory through repetition, which has been used synonymously with motor learning. When a movement is repeated over time, the brain creates a long-term muscle memory for that task, eventually allowing it to be performed with little to no conscious effort. This process decreases the need for attention and creates maximum efficiency within the motor and memory systems. Muscle memory is found in many everyday activities that become automatic and improve with practice, such as riding bikes, driving motor vehicles, playing ball sports, musical instruments, and poker, typing on keyboards, entering PINs, performing martial arts, swimming, dancing, and drawing.

A payment terminal, also known as a point of sale (POS) terminal, card machine, credit card machine, card reader, PIN pad, EFTPOS terminal (or by the older term as PDQ terminal which stands for "Process Data Quickly"), is a device which interfaces with payment cards to make electronic funds transfers. The terminal typically consists of a secure keypad (called a PINpad) for entering PIN, a screen, a means of capturing information from payments cards and a network connection to access the payment network for authorization.

A payment terminal allows a merchant to capture required credit and debit card information and to transmit this data to the merchant services provider or bank for authorization and finally, to transfer funds to the merchant. The terminal allows the merchant or their client to swipe, insert or hold a card near the device to capture the information.

A telephone card (also telecard, teleca, calling card or phone card for short) is a credit card-size plastic or paper card used to pay for telephone services (often international or long-distance calling). It is not necessary to have the physical card except with a stored-value system; knowledge of the access telephone number to dial and the PIN is sufficient. Standard cards which can be purchased and used without any sort of account facility give a fixed amount of credit and are discarded when used up; rechargeable cards can be topped up, or collect payment in arrears. The system for payment and the way in which the card is used to place a telephone call vary from card to card.

Calling cards usually come equipped with PIN for user protection and security. Most companies require user to enter the PIN before granting access to the calling card's funds. PINs often are printed on a piece of paper found inside the calling card's packaging. Once the users makes their first call, some companies offer the option of eliminating the PIN altogether to speed up the calling process. Companies that sell virtual calling cards online typically send the PIN via email.

In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a PIN code, a password, a passphrase, a big number, or an array of randomly chosen bytes.

The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a pre-shared key, or it is created at the start of the communication session by using a key-agreement protocol, for instance using public-key cryptography such as Diffie–Hellman or using symmetric-key cryptography such as Kerberos.