Glossary: Password management

This glossary covers essential cybersecurity and password management terminology from password policies and zero-knowledge encryption to RBAC, API authentication, and compliance frameworks like GDPR and SOC 2.


Master password — a single, primary password that grants access to a password manager or encrypted password vault. The cryptographic key that unlocks and decrypts all stored credentials, secrets, and sensitive information within the system is derived from it, so the master password controls access to every other password, requires exceptional protection, and must be significantly stronger than typical passwords.

Master password security is critical since forgetting or losing the master password typically results in permanent loss of access to all stored credentials due to zero-knowledge encryption architecture.

Password encryption — the process of converting plaintext passwords into an encrypted format using advanced cryptographic algorithms such as AES-256 or RSA to protect them from unauthorized access during storage or transmission. This security measure ensures that credentials remain confidential and protected from compromise, even in the event of data breaches or unauthorized system access.

When implemented properly within a password manager or password vault, encryption provides a critical layer of defense against credential theft.

Password generator — a tool that automatically creates strong, random, and secure passwords using a combination of uppercase and lowercase letters, numbers, and special characters. By eliminating the need for users to manually create passwords, password generators significantly reduce the risk of weak, predictable, or easily guessable credentials that are vulnerable to brute force and dictionary attacks.

Passwork includes a built-in password generator that can create unique credentials for each account while automatically storing them in an encrypted password vault for convenient access.

Password hygiene — a set of best practices and security habits for creating, managing, and maintaining secure passwords to protect accounts and sensitive information from unauthorized access and cyber threats. Essential password hygiene practices include using strong, unique passwords for each account, changing passwords regularly, avoiding password reuse, enabling multi-factor authentication (MFA), and storing credentials securely in an encrypted password manager.

Good password hygiene also involves using a password generator to create random, complex passwords and regularly auditing your credentials for weak or compromised passwords through password health checks.

Password manager — a specialized software application that securely stores, organizes, and manages passwords and other sensitive credentials in an encrypted password vault, allowing users to access all their accounts with a single master password while maintaining strong, unique passwords for each service.

Enterprise password managers extend these capabilities with additional features such as role-based access control, audit trails, compliance reporting, and centralized administration for organizations.

Password management — the systematic practice of creating, storing, organizing, and maintaining secure passwords across multiple accounts and services through established policies, tools, and procedures that ensure credential security while balancing usability and organizational compliance requirements.

Enterprise password management extends beyond individual password practices to include centralized governance, policy enforcement, access monitoring, security audits, employee training programs, and integration with broader identity and access management (IAM) frameworks to protect organizational assets and maintain regulatory compliance.

Password policy — a formal set of rules, requirements, and guidelines that define how passwords must be created, managed, and used within an organization to maintain consistent security standards. Typical password policy requirements include specifications for minimum password length, password complexity requirements, password expiration periods, password reuse restrictions, and multi-factor authentication (MFA) enforcement for sensitive systems.

Effective password policy enforcement requires technical controls, user education, regular compliance audits, and integration with identity and access management (IAM) systems.

Password sharing — the process of securely providing other users and team members with access to credentials through encrypted channels within a password management system. Unlike insecure sharing methods such as email, messaging apps, or shared documents, secure password sharing tools utilize encrypted password vaults and shared folders with granular access control and permission management to enable controlled distribution of login information.

Modern password sharing solutions allow administrators to grant, revoke, or modify access permissions without exposing the actual password to recipients, and automatically update shared passwords across all authorized users when credentials are rotated.

Password strength — the measure of how resistant a password is to guessing, brute force attacks, dictionary attacks, and password cracking attempts, determined by multiple factors including length, complexity, randomness, and the use of diverse character types such as uppercase and lowercase letters, numbers, and special symbols.

Strong passwords typically contain at least 12-16 characters, avoid common words or patterns that appear in dictionary-attack wordlists, incorporate unpredictable character combinations, and do not include personal information that could be guessed through social engineering.
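The following Go program is an added example (not Passwork's code) that ties together the "Password generator" and "Password strength" entries: it draws passwords from the operating system's cryptographic random source, guarantees every character class is present, estimates the resulting search space in bits, and checks a candidate password against the strength criteria above (length, character diversity, dictionary words, personal details). The character classes, the tiny `commonWords` list, and the sample inputs are constructed for the example; a real check would use a full cracking wordlist.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Character classes the generator draws from (constructed for this example).
var classes = []string{
	"abcdefghijklmnopqrstuvwxyz",
	"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"0123456789",
	"!@#$%^&*()-_=+[]{};:,.<>?",
}

// commonWords is a tiny constructed stand-in for a real cracking wordlist.
var commonWords = []string{"password", "qwerty", "letmein", "welcome", "admin"}

// randIndex returns a uniformly random integer in [0, n) from the OS CSPRNG.
// rand.Int avoids the modulo bias that "x % n" would introduce.
func randIndex(n int) (int, error) {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		return 0, err
	}
	return int(v.Int64()), nil
}

// GeneratePassword returns a random password of the requested length with at
// least one character from every class; the guaranteed characters are then
// shuffled so they do not sit at fixed offsets.
func GeneratePassword(length int) (string, error) {
	if length < len(classes) {
		return "", errors.New("length too short to include every character class")
	}
	alphabet := strings.Join(classes, "")
	out := make([]byte, 0, length)
	for _, class := range classes { // one character per class
		i, err := randIndex(len(class))
		if err != nil {
			return "", err
		}
		out = append(out, class[i])
	}
	for len(out) < length { // fill the rest from the whole alphabet
		i, err := randIndex(len(alphabet))
		if err != nil {
			return "", err
		}
		out = append(out, alphabet[i])
	}
	for i := len(out) - 1; i > 0; i-- { // Fisher-Yates shuffle using the CSPRNG
		j, err := randIndex(i + 1)
		if err != nil {
			return "", err
		}
		out[i], out[j] = out[j], out[i]
	}
	return string(out), nil
}

// CoversAllClasses reports whether pw contains a character from every class.
func CoversAllClasses(pw string) bool {
	for _, class := range classes {
		if !strings.ContainsAny(pw, class) {
			return false
		}
	}
	return true
}

// EntropyBits is the search space, in bits, of a password of the given length
// drawn uniformly from alphabetSize symbols: length * log2(alphabetSize). It is
// an upper bound for GeneratePassword, whose coverage rule narrows the space.
func EntropyBits(length, alphabetSize int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

// Weaknesses lists why pw fails the strength criteria: shorter than 12
// characters, missing character classes, a dictionary word, or a supplied
// personal detail. An empty result means these checks found nothing.
func Weaknesses(pw string, personal []string) []string {
	var found []string
	if len(pw) < 12 {
		found = append(found, "shorter than 12 characters")
	}
	if !CoversAllClasses(pw) {
		found = append(found, "does not use every character class")
	}
	lower := strings.ToLower(pw)
	for _, word := range commonWords {
		if strings.Contains(lower, word) {
			found = append(found, "contains dictionary word "+word)
		}
	}
	for _, p := range personal {
		if p != "" && strings.Contains(lower, strings.ToLower(p)) {
			found = append(found, "contains personal detail "+p)
		}
	}
	return found
}

func main() {
	pw, err := GeneratePassword(16)
	if err != nil {
		panic(err)
	}
	alphabet := strings.Join(classes, "")
	fmt.Printf("generated: %s (%.1f bits)\n", pw, EntropyBits(len(pw), len(alphabet)))
	fmt.Println("weaknesses of Password1!:", Weaknesses("Password1!", []string{"smith"}))
}
```

With the 87-symbol alphabet above, a 16-character random password has roughly 103 bits of search space, which is what makes brute force impractical; the same length chosen by a person and built from a dictionary word fails the `Weaknesses` check regardless of which symbols it mixes in.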

Password reset — the process of creating a new password when a user has forgotten their current credentials, suspects their password has been compromised, or needs to regain access to a locked account. The password reset process is typically initiated through secure verification methods such as email confirmation links, SMS codes, security questions, authenticator app verification, or administrator intervention in enterprise environments.

Organizations should establish clear password reset policies that balance security with user convenience, implement account lockout protections after multiple failed attempts, maintain audit trails of reset activities, and educate users about recognizing legitimate password reset requests versus phishing attempts.

Password reuse — the practice of using the same password for multiple different accounts, websites, or applications. Password reuse is a significant security risk because if one account is compromised in a data breach, attackers can use the stolen credentials to gain access to all other accounts that share the same password.

Best practices to avoid password reuse include creating a unique, strong password for every account and using a password manager to securely store and manage them.

Password rotation — a security practice of regularly changing passwords at scheduled intervals to minimize the risk of unauthorized access from compromised credentials, ensuring that even if a password is exposed through a data breach or phishing attack, its window of vulnerability remains limited.

Current password rotation best practices suggest changing passwords immediately when compromise is suspected, implementing automated credential rotation for service accounts and API keys, using password managers to generate and store new complex passwords during rotation, and balancing rotation frequency with password complexity requirements.

Password vault — an encrypted storage container within a password management system where credentials, secrets, API keys, certificates, and other sensitive information are securely stored using advanced encryption algorithms such as AES-256. Modern password managers implement zero-knowledge encryption architecture, meaning the vault contents are encrypted and decrypted locally on the user's device, ensuring that even the password manager provider cannot access stored credentials.

Password vaults can be organized into personal vaults for individual use or shared vaults for team collaboration, with each vault maintaining separate encryption keys and access controls.