Glossary
Your cybersecurity and password management terminology guide, from basics to current trends.
A
Active Directory (AD)
Active Directory, developed by Microsoft, is a proprietary directory service designed to provide secure access to corporate networks by storing and managing information such as user accounts, computer objects, groups, policies, and other network resources. It enables administrators to efficiently control security settings across the organization's IT infrastructure.
Advanced Encryption Standard (AES)
AES is a widely trusted and adopted symmetric encryption algorithm established by NIST in 2001. Renowned for its speed and reliability, AES secures sensitive information using a shared key, making it the strongest encryption standard.
Android Application Package (APK)
The Android operating system utilizes the APK file format to distribute and install mobile applications. It usually includes everything needed for an app to run, such as the program's code, resources, assets, certificates, and manifest files.
Application Programming Interface (API)
APIs allow software programs to interact by defining how they exchange data and perform tasks. An API key is the credential that identifies a caller to the API and is crucial for enabling automation, tracking, and more. Because it can grant access to confidential data, securing the API key is essential to avoid misuse or unauthorized activity.
Artificial Intelligence (AI)
AI is a powerful suite of technologies that allows computers to perform sophisticated functions like interpreting language, analyzing data, recognizing visuals, and offering smart insights. It plays a crucial role in advancing digital innovation for both personal and professional use.
Asymmetric cryptography
Public-key encryption, also known as asymmetric cryptography, uses a pair of keys—one public and one private—to secure data. This method significantly boosts security because only the private key can decrypt information that's been encrypted with its corresponding public key, a fundamental principle behind passkeys.
Authenticator
An authenticator is a security application that generates time-sensitive codes (TOTPs) or sends push notifications to confirm a user's identity. It's frequently employed in two-factor or multi-factor authentication (MFA), adding security beyond just your password.
B
Brute force attack
A brute force attack is a type of cyberattack in which hackers systematically try various passwords or encryption keys to gain unauthorized access to accounts or encrypted data until they discover the correct one. This trial-and-error approach often targets authentication systems like website login pages, SSH servers, or password-protected files.
C
California Consumer Privacy Act (CCPA)
The CCPA, enacted on January 1, 2020, is a pivotal privacy law that strengthens the rights of California consumers by giving them more control over how their personal data is collected and used. Its wide jurisdictional reach means that even companies outside of California must comply if they do business with its residents. With the scale of California's market, adhering to the CCPA is a strategic necessity for many organizations.
Cloud service provider (CSP)
A cloud service provider is a third-party company that delivers scalable and on-demand computing resources over the internet. These services typically include storage, platforms, and applications that businesses can use without having to maintain their own physical infrastructure.
Command line interface (CLI)
A command-line interface is a text-based method of communicating with a computer's operating system or software by inputting typed commands into a command prompt or shell.
Cyber insurance
Cyber liability insurance, also known as cyber risk insurance, is a type of protection that enables businesses to mitigate the financial consequences of cyber breaches. It offers risk transfer by covering expenses such as data recovery, system restoration, and other costs incurred after a cyberattack or data breach.
Cyberattack
A cyberattack is a deliberate attempt to access, damage, steal, or disrupt data, applications, or systems through unauthorized means. These attacks can severely impact businesses, causing operational downtime, financial losses, and long-lasting damage to a business's reputation. The cost of a data breach often runs into millions, covering not just the immediate response and recovery, but also lost revenue and long-term brand harm.
Cybersecurity
Cybersecurity refers to the strategic use of people, policies, procedures, and technology to defend organizations, their critical infrastructure, and confidential data against digital threats and cyberattacks.
D
Dark web
The dark web refers to an unindexed part of the internet that requires special browsers for access. It provides anonymity for users, which can be used for both lawful and unlawful activities. However, this anonymity also makes it a hotspot for cybercrime, scams, and the exchange of confidential or illegal material.
Data breach
A data breach is a security incident where unauthorized individuals infiltrate and obtain access to confidential information. This can include personal details like social security numbers, bank accounts, and medical records, as well as corporate assets such as customer databases, proprietary information, and financial data.
Data decryption
Data decryption is the process of converting encrypted data, known as ciphertext, back into its original, readable form, called plaintext. This allows computer systems to understand and process information that was previously encoded for security purposes.
Data encryption
Data encryption is a technique used to protect information during transmission by converting it into a secure, encoded format. Only someone with the correct encryption key can decode and access the original message.
Data privacy
Data privacy refers to an individual's right to control how their personal information is collected, used, and shared. It encompasses the ability to decide when, how, and to what extent details like their name, location, contact data, or behaviors—both online and offline—are disclosed to others.
Data security
Data security is the practice of safeguarding digital information from unauthorized access, theft, or tampering, ensuring that data remains protected and intact at every stage of its lifecycle—from creation and storage to transmission and eventual disposal.
Data center
A data center is a secure physical facility used by organizations to store and manage critical applications and data. At Zoho, your data is hosted in our own state-of-the-art data centers strategically located around the world to ensure the highest levels of performance, security, and reliability.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
A DoS attack aims to flood a system or network with traffic to the point that it becomes unusable. When this flood originates from numerous compromised devices spread across various locations, it's classified as a DDoS attack. Both types disrupt access for legitimate users and can lead to major service outages.
E
End-to-end encryption (E2EE)
End-to-end encryption is a security method that ensures data is encrypted on the sender's device and remains protected throughout transmission until it reaches the recipient, where it's decrypted. This process prevents unauthorized access by making the data unreadable to anyone except the intended recipient.
F
FIDO Alliance
The FIDO Alliance is an open industry association dedicated to reducing global reliance on passwords. It advocates for the development and adoption of strong authentication and device attestation standards. Zoho has joined this mission, working alongside the FIDO Alliance to deliver a safer login and authentication experience using passkeys.
G
General Data Protection Regulation (GDPR)
The GDPR is a data privacy law implemented by the European Union (EU) to control how the personal data of EU citizens is handled globally. It was enacted in 2016 and became enforceable on May 25, 2018.
Generative AI (GenAI)
Generative AI is a branch of artificial intelligence that can generate new content like text, images, audio, or code by learning from large datasets. These systems use deep learning to understand the structure and relationships in the data, allowing them to produce outputs based on user prompts.
H
Hashing
Hashing is a method that uses a one-way algorithm to convert data into a scrambled string of text. This process is irreversible, meaning the original data cannot be retrieved from the hash, ensuring security and data integrity.
Have I Been Pwned? (HIBP)
Have I Been Pwned? (HIBP) is a widely trusted website that helps users check if their personal data has been exposed in known data breaches. By aggregating and analyzing billions of breached accounts from data breaches and public pastes, the platform allows users to search using their email address or username. HIBP is relied upon not only by individuals but also by governments, including the UK and Australia, to monitor breaches and safeguard sensitive domains.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a U.S. federal law enacted in 1996 that establishes regulatory standards for the lawful use and disclosure of protected health information (PHI). Compliance with HIPAA is overseen by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
Helpdesk
Helpdesk software helps organizations handle support requests efficiently by managing tickets, automating workflows, and enabling communication across multiple channels. Because ticketing is key to smooth customer service, it's often called help desk ticketing software.
Hypertext transfer protocol secure (HTTPS)
HTTPS is the encrypted version of HTTP, the standard protocol used for communication between a web browser and a website. By using SSL/TLS protocols, HTTPS ensures that data transferred between the user and the site remains secure, which is especially critical when handling sensitive information like banking details, login credentials, or personal health data.
I
Identity and Access Management (IAM)
IAM is a key cybersecurity practice focused on managing digital identities and controlling user access across IT systems. It ensures that only the correct individuals have the appropriate access to the right resources, at the right time, and for the right reasons.
Incident response plan
An incident response plan is a structured approach that guides an organization in responding effectively to cybersecurity breaches, helping to limit impact and quickly restore operations.
Insider threats
Insider threats are security risks posed by people within an organization who exploit their authorized access to compromise sensitive information or disrupt systems.
Integration
Integration enables different apps to work together by allowing data to flow between them. For instance, integrating Zoho Vault with Zoho Mail helps you access passwords and other confidential data right from your inbox and stay safe from phishing threats.
K
Keylogging
Keylogging, or keystroke logging and keyboard capturing, involves secretly recording every key pressed on a computer, typically without the user's awareness. A keylogger is a software or hardware tool specifically designed to capture these keystrokes, storing them or transmitting the data to a hacker for later access.
M
Malware attack
A malware attack is a cyber threat where malicious software is deployed to damage, disrupt, or gain unauthorized access to systems and data.
Master password
A master password is the main key used to encrypt and decrypt your password vault. It is processed with a key derivation function, which salts and hashes it multiple times to create a secure encryption key. This process happens locally on your device. A strong master password ensures stronger encryption, and it's the only password needed to access your vault.
Multi-factor authentication (MFA)
MFA is a security method that requires users to provide two or more forms of verification to gain access to an application, system, or account. This adds an extra layer of security compared to using only a password. The three main categories of authentication factors are something you know (a PIN or password), something you have (a smartphone or security token), and something you are (biometric data such as a fingerprint or voice).
N
Native app
A native app is an application developed specifically for a particular platform, using its native programming languages and frameworks. This approach ensures optimal performance, seamless compatibility, and full integration with the device's hardware and features.
No-code automation
No-code automation platforms allow both technical and non-technical users to streamline processes using an intuitive visual interface, eliminating the need for traditional coding or programming.
O
OAuth
OAuth, or Open Authorization, is a protocol that allows web applications to securely access and interact with each other. Instead of sharing your password, OAuth uses authorization tokens to verify your identity. This lets you grant one application permission to act on your behalf with another, keeping your credentials safe while maintaining control over what each app can do.
P
Passkeys
A passkey is a secure, FIDO-based cryptographic credential that replaces traditional passwords. Tied to a user's account on a specific website or app, it lets you sign in using the same method you use to unlock your device, such as a biometric scan (like a fingerprint or face ID), a PIN, or a pattern. Passkeys are designed to be highly secure and help protect against common cyber threats such as phishing and credential stuffing.
Password manager
A software application that stores all of your logins in a secure encrypted location. Many password manager apps offer multiple features, such as the ability to create long, random, unique passwords automatically; syncing all of your logins across your devices; and autofilling your logins on websites.
Phishing attack
Phishing is a type of cyberattack in which criminals use fake emails, text messages, phone calls, or websites to trick individuals into revealing sensitive information, downloading malicious software, or otherwise putting themselves at risk of cybercrime.
Principle of Least Privilege (PoLP)
The Principle of Least Privilege is a key cybersecurity concept that ensures users are granted only the minimum access or permissions necessary to perform their job functions. By limiting access, organizations reduce the risk of unauthorized actions, data breaches, and misuse of high-value assets. PoLP is widely recognized as a foundational best practice for securing privileged access and protecting sensitive information.
R
Ransomware
Ransomware is a form of malicious software that seizes control of a victim's device or encrypts their confidential information, requiring a ransom to be paid in order to regain access. It poses serious security risks, as attackers may threaten to block or leak the information permanently if the ransom is not paid.
REST APIs
Representational State Transfer (REST) is an architectural style for APIs with a set of constraints governing how data is exchanged between systems. All communication via REST APIs uses HTTP requests.
Role-based access control (RBAC)
Role-based access control is a method that grants access based on a user's role within an organization. It helps reduce identity-related access risks by ensuring that individuals only have access to the information and resources necessary for their job.
S
Security Assertion Markup Language (SAML)
SAML is a standard protocol that allows external applications and services to verify a user's identity. SAML enables single sign-on (SSO), letting users authenticate once and access multiple applications without signing in again.
Security Information and Event Management (SIEM)
SIEM is a security solution that helps organizations detect, analyze, and respond to potential threats and vulnerabilities, allowing them to address issues before they impact business operations.
Session hijacking
Session hijacking is a type of cyberattack where an attacker takes over a user's active web session by stealing their unique session ID. This allows the attacker to impersonate the user, access sensitive information, and perform actions as if they were the legitimate user.
Shadow IT
Shadow IT refers to any IT resource, including software and hardware, that is utilized within an organization's network without the knowledge or consent of the IT department.
Single Sign-On (SSO)
Single sign-on is an authentication method that lets users log in once and access multiple applications with the same credentials.
Social engineering
Social engineering is a type of attack that tricks people into revealing sensitive information, downloading harmful software, visiting dangerous websites, sending money to criminals, or taking other actions that put their personal or organizational security at risk.
Software Development Kit (SDK)
An SDK is a collection of downloadable tools and resources that developers use to create applications with advanced features across different operating systems.
System for Cross-domain Identity Management (SCIM)
SCIM is an open standard designed to streamline identity management in the cloud. It enables automated user provisioning and management across multiple systems and domains, reducing manual effort and improving consistency in user access controls.
T
Time-based one-time password (TOTP)
A TOTP is a one-time password: a short-lived, unique code generated in real time from the current time using a secure algorithm. It is valid only for a short period, enhancing account security.
Z
Zero-knowledge architecture
Zero-knowledge architecture is a robust security framework designed to ensure that only the user can access their stored credentials. It utilizes industry-standard encryption algorithms, combined with hashing and salting, to create unique keys for encrypting and decrypting sensitive data. With this zero-knowledge approach, even the service provider cannot access the user's information, keeping passwords and other confidential data safe from hackers, insiders, and the platform itself.
Zero Trust security
Zero Trust security is a modern cybersecurity framework designed to safeguard users, data, and assets in a cloud-first world. Based on the principle of "never trust, always verify," it removes the assumption of inherent trust within networks. Instead, every access request is continuously authenticated, authorized, and validated. Zoho Vault adopts Zero Trust security to ensure this heightened level of protection.
A
Access privileges
Adhering to the Principle of Least Privilege (PoLP), access privilege in Zoho Vault means the minimum level of access granted to users, minimizing security risks by ensuring that users only have the permissions necessary to do their job. When sharing confidential information, Zoho Vault offers four distinct access levels:
- One-click login only, which allows automatic login without revealing the password in plain-text
- View, which allows users to see the password in plain-text
- Modify, which allows both viewing and editing
- Manage, which grants full control over the password, including the ability to share or delete it.
Accessibility controls (WCAG compliance)
The Web Content Accessibility Guidelines (WCAG) were established by the World Wide Web Consortium (W3C) to guarantee that all digital content is usable by people of all abilities, particularly those with impairments. At Zoho Vault, we believe in inclusive access for all users, which is why we're introducing new Accessibility Controls designed with WCAG principles in mind. These enhancements offer seamless screen reader navigation, customizable font options, multi-language support, adaptive accessibility profiles, and more—delivering a more user-friendly experience for everyone.
Audit trails
Audit trails in Zoho Vault help administrators monitor and track every sensitive action performed by users. Because enterprise users access multiple passwords and confidential data daily, audit trails provide real-time visibility into who accessed what, when, and from where—including browser and IP details. This is essential for identifying suspicious behavior and preventing potential security threats.
Auto login
Auto login in Zoho Vault lets you sign in to websites and apps instantly, removing the need to type in usernames or passwords manually.
Autofill
Autofill in Zoho Vault helps you save time by automatically filling in your saved information like usernames, passwords, addresses, credit card details, and two-factor authentication codes on websites and apps.
B
Bulk revoke sharing
Bulk revoke sharing in Zoho Vault allows administrators to revoke all shared password and folder access for users in a single action, simplifying offboarding and improving access control during role transitions.
D
Dark web monitoring
Dark web monitoring in Zoho Vault helps protect your accounts by detecting if your passwords appear in data breaches. Powered by integration with Have I Been Pwned (HIBP), this feature instantly alerts you when a breach is detected. You can then immediately update your credentials using Zoho Vault's built-in password and passphrase generator, ensuring that your accounts remain secure and resilient against brute force or dictionary attacks.
Data backup
Data backup refers to creating a secure copy of your system, configuration, or application data and storing it separately from the original. This is essential for protecting against data loss due to unexpected events like system failures, human error, cyberattacks, or natural disasters. Backups enable organizations to restore data and operations to a prior, stable state. Zoho Vault supports secure data backup by periodically sending an encrypted HTML file to your email or preferred cloud storage service, including Google Drive, Dropbox, OneDrive, and Zoho WorkDrive.
Data masking
Data masking in Zoho Vault allows administrators to mark specific fields in password categories as personal data. These fields can be hidden and prevented from being exported, helping organizations safeguard confidential information while meeting regulatory compliance standards.
Data retention
Zoho Vault allows administrators to set a data retention period, which determines how long user information is kept after an account is deleted. Once this defined period ends, the data is permanently removed.
E
Emergency access (break glass account)
Zoho Vault's emergency access or break glass account feature helps ensure that your business keeps running smoothly, even if key team members are unavailable. If someone with access to important passwords is on leave or unreachable, administrators can step in or assign trusted users as emergency contacts. These users get temporary access to all enterprise passwords, helping avoid delays or disruptions during critical moments.
F
Fine-grained controls
With fine-grained controls in Zoho Vault, administrators can manage user privileges more effectively by allowing or restricting access to specific features. This means certain users or groups, such as the marketing team, can be blocked from actions like exporting or sharing enterprise passwords, giving organizations more control over how sensitive data is handled.
Folders
Folders in Zoho Vault help users categorize and manage confidential information by creating folders and subfolders tailored to departments or tasks. For instance, credentials related to marketing tools such as Facebook, Twitter, and Google Ads can be stored in a "Marketing" folder and securely shared with relevant team members for easy collaboration.
G
Geolocation restriction
Geolocation restriction in Zoho Vault enables administrators to limit user access to the platform based on specific geographic locations. This added layer of security is particularly useful for industries such as banking, finance, insurance, and healthcare that require strict compliance. By configuring location-based rules, organizations can ensure that users or groups can only access Zoho Vault from approved regions such as the US or India.
Guest access
Guest access in Zoho Vault provides a secure and controlled way to share sensitive information with external parties like clients, partners, or contractors. This ensures external users can access specific data without gaining broad access to your internal vault or its features.
I
IP restriction
IP restriction is a security feature in Zoho Vault that allows administrators to permit access to the vault only from specific, trusted IP addresses, reducing the risk of unauthorized access.
M
Multi-account functionality
With Zoho Vault's multi-account support, users can effortlessly manage both work and personal accounts in one place. Available on mobile and desktop apps, this makes it easier to manage confidential data across different accounts without the need to log out and back in every time.
O
Offline access
With Zoho Vault's offline access, users can securely retrieve their passwords even without an internet connection. Passwords and other confidential information stored in Zoho Vault can be downloaded as an encrypted HTML file, allowing safe access from anywhere. The offline copy maintains the same level of security as the online version and can only be unlocked using the master password.
P
Passcard link
Zoho Vault's Passcard link provides a comprehensive summary of an individual account, including the username, password, attachments, TOTP, website URL, and other account-specific details, all accessible via a shareable link.
Passphrase generator
A passphrase generator creates a sequence of random words combined into a longer, more memorable login credential. Unlike short, complex passwords, passphrases are easier to remember while still being highly secure. Zoho Vault's passphrase generator lets you define the number of words, use mixed case or numbers, and choose separators to generate unique, strong passphrases.
Password access control
Password access control in Zoho Vault is a security feature that adds an extra layer of protection to shared business-critical passwords. Instead of giving unrestricted access, Zoho Vault requires users to submit access requests with valid reasons before viewing protected credentials. For example, if multiple administrators need a server's admin password, they must raise a request, which can then be reviewed and approved by authorized personnel, ensuring that sensitive passwords are accessed only for legitimate purposes.
Password generator
A password generator is a tool that creates random, secure passwords using a mix of letters, numbers, and symbols. Zoho Vault's built-in password generator uses cryptographically secure pseudorandom number generation (CSPRNG) algorithms to create strong, unique passwords. You can customize the complexity by choosing options like mixed case, whether the password starts with a letter, and whether to include special characters and numbers.
Password policy
A password policy in Zoho Vault is a set of rules that define password strength and security requirements for your organization. It ensures that users follow specific guidelines like length, complexity, and validity. You can apply a default policy or create a custom one to meet security needs. The password and passphrase generator follows these rules to create strong passwords.
Password reset alert
Password reset alerts in Zoho Vault help organizations enforce secure password practices by notifying users when their passwords are about to expire. As part of the password policy, admins can define how long passwords remain valid, and Zoho Vault automatically alerts users before expiration until the password is reset. This ensures timely password updates and compliance with organizational security policies.
Password validity
Password validity in Zoho Vault refers to the duration for which a password remains active before it must be reset, as defined by an organization's security policy. When a password is about to expire, Zoho Vault sends reminders starting three days prior and continues with daily notifications until the password is updated, ensuring compliance with security policies and promoting strong password hygiene.
Personalization
Personalization in Zoho Vault allows users to customize their accounts to better fit their organizational needs. It enhances user experience by providing options such as viewing favorite passwords by default, setting an inactivity timeout, selecting a preferred language, and enabling customizable themes and night mode.
R
Rebranding
Rebranding in Zoho Vault lets organizations customize the vault's appearance to match their brand. Super admins can add a custom logo, product name, welcome message, and footer message for exported reports. This helps employees adopt the password vault easily while ensuring a secure and familiar experience.
Reports
Reports in Zoho Vault provide administrators with full visibility into password activities. They offer intuitive tables and graphs summarizing various actions within the organization's vault. Reports can also be exported as PDFs, enabling admins to monitor activities, ensure compliance, and take necessary actions.
S
Scheduler
The scheduler in Zoho Vault automates the delivery of frequently monitored reports to simplify auditing. It allows admins and users to schedule reports on a weekly or monthly basis, ensuring that they receive copies directly in their registered email addresses. This helps in regularly auditing user activity to monitor and eliminate potential security threats.
Secure notes
Secure notes in Zoho Vault are a dedicated password category for storing sensitive information beyond standard login credentials. They're ideal for keeping data such as tax details, appointment reminders, and other private notes. Users can access, edit, and securely share these notes across all devices, ensuring that important information remains protected yet easily accessible.
SecureForms
SecureForms in Zoho Vault lets you safely collect confidential information from team members or external collaborators. Submitted data is automatically imported into your Vault account and stored securely. All information is encrypted, ensuring maximum privacy and protection.
T
Third-party sharing
A feature in Zoho Vault that lets users securely share passwords with external parties, such as contractors or freelancers, without requiring them to have a Zoho Vault account or be part of your organization's vault.
Trash bin
A Zoho Vault feature that helps keep your account organized by soft-deleting passwords, moving them to the Trash bin. Passwords remain in the Trash until the owner either restores them or permanently deletes them.