Personal identification number in the context of "Keystroke dynamics"

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.

In general, a password is a sequence of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN).

A SIM card or SIM (subscriber identity module) is an integrated circuit (IC) in the range of a 25 MHz 32 bit CPU, and 256 KB of NVM. SIMs are intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices (such as mobile phones, tablets, and laptops). SIMs are also able to run apps and to store arbitrary information like address book contact information, and may be protected using a PIN code to prevent unauthorized use.

These SIM cards are always used on GSM phones; for CDMA phones, they are needed only for LTE-capable handsets. SIM cards are also used in various satellite phones, smart watches, computers, or cameras. The first SIM cards were the size of credit and bank cards; sizes were reduced several times over the years, usually keeping electrical contacts the same, to fit smaller-sized devices. SIMs are transferable between different mobile devices by removing the card itself.

Plastic cards usually serve as identity documents, thus providing authentication. In combination with other assets that complement the data stored on the card, like PIN numbers, they also serve authorization purposes, most often as debit or credit cards for allowing their holders to do financial transactions. Early and simpler cards feature only hard-to-imitate integrated photographs, security holograms, guillochés, or a magnetic strip on which few bytes of personal data could be stored. Today, smart cards, i.e. those equipped with an electronic chip (storage, or RFID), serve as high-security active electronic documents that allow their holder to qualify for driving cars (drivers license card), receive medical treatment (health insurance cards), do banking and more.

A stored-value card (SVC) or cash card is a payment card with a monetary value stored on the card itself, not in an external account maintained by a financial institution. This means no network access is required by the payment collection terminals as funds can be withdrawn and deposited straight from the card. Like cash, payment cards can be used anonymously as the person holding the card can use the funds. They are an electronic development of token coins and are typically used in low-value payment systems or where network access is difficult or expensive to implement, such as parking machines, public transport systems, and closed payment systems in locations such as ships.

Stored-value cards differ from debit cards, where money is on deposit with the issuer, and credit cards which are subject to credit limits set by the issuer and are connected to accounts at financial institutions. Another difference between stored-value cards and debit and credit cards is that debit and credit cards are usually issued in the name of individual account holders, while stored-value cards may be anonymous, as in the case of gift cards. Stored-value cards are prepaid money cards and may be disposed when the value is used, or the card value may be topped up, as in the case of telephone calling cards or when used as a fare card.

Identity theft, identity piracy or identity infringement occurs when someone uses another's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been legally defined throughout both the UK and the U.S. as the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources.

Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained. According to a report done for the FTC, identity theft is not always detectable by the individual victims. Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A U.S. Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft". The report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known", but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%". For example, in one of the largest data breaches which affected over four million records, it resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.

Security tokens can be used to store information such as passwords, cryptographic keys used to generate digital signatures, or biometric data (such as fingerprints). Some designs incorporate tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generation routine with some display capability to show a generated key number. Connected tokens utilize a variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth. Some tokens have audio capabilities designed for those who are vision-impaired.

Apple Pay is a mobile payment service by Apple that allows users to make payments in person, in iOS apps, and on the web. Supported on iPhone, Apple Watch, iPad, Mac, and Vision Pro, Apple Pay digitizes and can replace a credit or debit card chip and PIN transaction at a contactless-capable point-of-sale terminal. It does not require Apple Pay–specific contactless payment terminals; it can work with any merchant that accepts contactless payments. It adds two-factor authentication via Touch ID, Face ID, Optic ID, PIN, or passcode. Devices wirelessly communicate with point of sale systems using near field communication (NFC), with an embedded secure element (eSE) to securely store payment data and perform cryptographic functions, and Apple's Touch ID, Face ID and OpticID for biometric authentication.

Apple Pay can also be used to pay fares on many public transport networks. Payment can be authorised without authentication for supported public transport networks, referred to as 'Express Mode', or by a regular authenticated Apple Pay transaction for other systems accepting contactless payments.

The FIDO (Fast IDentity Online) Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords.

FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near-field communication (NFC). The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over an insecure channel happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.