In network security, "credentials" refer collectively to the various types of information utilized to authenticate identities, typically including user IDs, passwords, biometric data, or tokens. Such authentication data is also sometimes specifically called "credential information."
Most systems commonly adopt a pair of user ID and password as standard credentials. However, for systems requiring advanced security measures, additional credential factors—such as biometric attributes (fingerprints, facial recognition, etc.) or one-time passwords (OTP)—are frequently employed in conjunction for enhanced security assurance.
Credentials are not limited solely to user identity (human identity). In scenarios where multiple internet services integrate or federate, authentication and authorization frameworks like OAuth facilitate the exchange of authorization information. In OAuth, the requesting service (client) receives an "authorization grant" from the user, which it then presents as credentials to the authorization server. The authorization server responsible for providing services authenticates the client, accepts these credentials, and generates an access token. The client then uses this access token to request resources from the server. In certain contexts, these tokens themselves are also referred to as credentials.