Glossary Term

Shared Secret

A Shared Secret is a static word, phrase, or string of characters agreed upon by two parties in order to confirm identity as a form of knowledge-based authentication (KBA).

Passwords are the most common example of shared secrets; through initial password selection, a system and user "agree" that the next time the user attempts to log in, the system will prompt them for the chosen password and the user will provide it, and that if the user fails to provide it, they will not be logged in.

"Secret questions" commonly seen in two-step authentication, such as "What is your mother's maiden name?" or "What was the name of your first pet?" are also instances of shared secrets frequently used for authentication purposes.

Shared secret authentication is both particularly common and also particularly insecure, as the secrets are static, rather short for very practical reasons, often very easy to either brute force or to guess, and relatively easy to steal or lose, whether through phishing, various forms of snooping or interception, or user carelessness.

2FA/MFA Rapid Reference

Authentication at a glance

Download the 2FA/MFA Rapid Reference now:

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms


2FA/MFA Rapid Reference

  • 2FA and MFA basics and common solutions
  • The benefits and drawbacks of each
  • Glossary of authentication terms
Save PDF  



2020 Authentication Guide

Summary of authentication recommendations from major standards bodies, plus Plurilock’s own recommendations.

White Paper: Advanced Authentication

The state of authentication today—and why you need Plurilock products.

Understanding MFA vs. Privacy

Is multi-factor authentication always good for privacy? See why it isn't, and which strategies make the grade.

Behavioral Biometrics Guide

The definitive guide to behavioral biometrics, a core Plurilock technology.

Stay informed. Join our low-volume mailing list for Plurilock and cybersecurity news and updates.


Plurilock is the leader in advanced, risk-based authentication. We provide invisible, device-free MFA for corporate endpoints, Citrix sessions, cloud applications, and their users in finance, healthcare, education, and SaaS.



Contact Plurilock

Have a question or comment? 

Plurilock Lead Capture Block

Welcome to Plurilock!

We’d love to hear about your interest in our products.


Okay, cool.

We'd like to provide you with more info. How can we reach you?

Enter your email above to agree to receive commercial electronic communication from Plurilock via email.


Someone from Plurilock will get in touch with you soon.
In the meantime, learn more about our ADAPT and DEFEND products—and be sure to check out our Blog for in-depth cybersecurity coverage.