A credential is any document or verification that details a qualification, competence, or authority to an individual for authentication. In IT, credentials can be seen as a proof of identity. Occupationally, this often refers to academic or educational qualifications, such as a degree, diploma, professional certificates or work experience. Credentials are considered proof of an individual’s expertise or experience. Examples of credentials include:
- A diploma
- Academic degrees
- Certifications
- Security clearances
- Identification documents
- Badges
- Scientific papers
An individual holding a credential is typically given documentation as proof of the credential. This proof is sometimes held by a third party.
Credentials in information technology
In information technology, credentials are a proof of identity. Amazon Web Services, a popular cloud computing service provider, features a security protocol that uses a credentialing system where a user uses a specific digital process consisting of an access key ID, a secret access key, and a security token to obtain temporary session credentials.
Security professionals use credentials, along with other tools such as firewalls, intrusion detection systems and network-based antivirus programs, to build a complete and solid network security infrastructure across the internet and networks. As security and authentication efforts evolve, so do the complexity of credentialing tools.
Credential stuffing
Credential stuffing is a type of cyberattack in which credentials obtained from a data breach on one service are used to attempt to log into a different, unrelated service. This type of attack is based on the assumptions that users will reuse usernames and passwords across multiple services. Bots are typically used for automation and scale. To avoid being a victim of credential stuffing:
- Limit and monitor the use of admin passwords.
- Limit credential reuse.
- Implement multi-factor authentication.
- Use a password manager with a strong, unsaved password.
- Implement strong hashing and encryption.
- Monitor NTLM, access control lists, and lsass.exe.
Industry-specific credentials
Diplomatic credentials
In diplomacy, credentials are known as a letter of credence. They are most commonly documents that ambassadors, diplomatic ministers, or other diplomatic individuals provide to the government for accreditation for the purpose of communicating diplomatic rank. Without credentials, a diplomat cannot receive official recognition.
Medical credentials
Medical practitioners must have credentials in the form of a license that is issued by the government of their respective practice. They receive this credential after education, training, and practical experience. Most medical credentials are granted for a specific practice.
Information technology credentials
IT systems use credentials to control the access of information or other resources. An example of this would be requiring an individual to verify their identity by providing a username and password. Other forms of authentication can be used, such as biometrics or public key certificates.
Cryptography credentials
Credentials are used in cryptography to verify the identity of a party to communication, most commonly in the form of machine-readable cryptographic keys and passwords. These credentials can be self-issued or issued by a third party.
