Unauthorized login

An unauthorized login is any sign-in to a device, service, or account by someone who isn't the legitimate owner. In AP Cybersecurity it's the goal of an online password attack and shows up as failed attempts, odd login times, or logins from unknown devices.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is unauthorized login?

An unauthorized login happens when someone gets into an account they have no right to access. In AP Cybersecurity, this is the payoff an adversary is chasing during an online password attack: they try to log in to a device or service using common passwords, common password patterns, or stolen credentials until something works (EK 1.2.A.1).

You won't usually catch the login itself in the act. Instead, you spot the evidence around it. The CED gives you three classic signs of an online password attack: many failed login attempts in a short window, login attempts at unusual times, and login attempts from unknown devices (EK 1.2.A.2). Those patterns are the fingerprints an unauthorized login leaves behind in an authentication log.
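As an added example (not part of the original study guide), here is one way to check an authentication log for those three signs in Python. The log lines, account and device names, the usual-hours range, and the burst threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data):
# timestamp, account, device id, result
SAMPLE_LOG = """\
2026-03-02T08:58:10 maria laptop-01 SUCCESS
2026-03-03T03:12:01 maria dev-x9 FAIL
2026-03-03T03:12:04 maria dev-x9 FAIL
2026-03-03T03:12:07 maria dev-x9 FAIL
2026-03-03T03:12:09 maria dev-x9 FAIL
2026-03-03T03:12:12 maria dev-x9 FAIL
2026-03-03T03:12:15 maria dev-x9 SUCCESS
2026-03-03T09:01:44 maria laptop-01 SUCCESS
"""

# Assumed policy values for this example; tune them per environment.
KNOWN_DEVICES = {"maria": {"laptop-01", "phone-01"}}
USUAL_HOURS = range(7, 22)          # 07:00-21:59 counts as normal
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=60)

def flag_logins(log_text):
    """Return (timestamp, account, result, [signs]) for each suspicious line."""
    recent_fails = defaultdict(deque)   # account -> timestamps of recent failures
    findings = []
    for line in log_text.strip().splitlines():
        stamp, account, device, result = line.split()
        when = datetime.fromisoformat(stamp)
        fails = recent_fails[account]
        # Drop failures that fell out of the sliding window.
        while fails and when - fails[0] > BURST_WINDOW:
            fails.popleft()
        signs = []
        if result == "FAIL":
            fails.append(when)
        if len(fails) >= BURST_COUNT:
            signs.append("many failed attempts")
        if when.hour not in USUAL_HOURS:
            signs.append("unusual time")
        if device not in KNOWN_DEVICES.get(account, set()):
            signs.append("unknown device")
        if signs:
            findings.append((stamp, account, result, signs))
    return findings

if __name__ == "__main__":
    for finding in flag_logins(SAMPLE_LOG):
        print(*finding)
```

The last flagged line is the one to look at: a SUCCESS that carries all three signs is the login that most likely was unauthorized, while the FAIL lines before it show the attack in progress.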

Why unauthorized login matters in AP Cybersecurity

This term lives in Unit 1: Introduction to Security, specifically Topic 1.2 Suspicious Website Logins. It's the thread tying together all three learning objectives in that topic: spotting the signs of a password attack (1.2.A), understanding how adversaries exploit weak authentication (1.2.B), and knowing how to make authentication stronger (1.2.C). An unauthorized login is the bad outcome, and the whole topic is about detecting it and preventing it. If you can read login behavior and explain what makes it suspicious, you've nailed the core skill this unit wants.


How unauthorized login connects across the course

Online password attack (Unit 1)

An unauthorized login is what a successful online password attack produces. Brute force attacks, dictionary attacks, and credential stuffing are all just different methods of guessing or reusing credentials until one login goes through.

Multifactor authentication / MFA (Unit 1)

MFA is the single best defense against an unauthorized login. Even if an adversary steals your password, they still need that one-time code, so a correct password alone no longer gets them in (EK 1.2.C.3).

Weak authentication and password patterns (Unit 1)

Unauthorized logins succeed because people pick guessable passwords using pet names, birthdays, or word-number-symbol patterns (EK 1.2.B.1). Adversaries build a custom dictionary from your personal info, which is exactly why long, random, unique passwords shut the door.

Is unauthorized login on the AP Cybersecurity exam?

Expect this concept in MCQs that hand you a scenario or a snippet of an authentication log and ask you to identify what's suspicious. The right answer hinges on the three CED signs: a burst of failed attempts, logins at weird hours, or logins from devices the user doesn't own. You may also get asked to recommend a fix, where the strong choices are long random passwords, a password manager, or enabling MFA. Be ready to connect the dots: explain why a given login looks unauthorized AND what would have prevented it.

Unauthorized login vs online password attack

An online password attack is the method (repeatedly trying to log in to guess or reuse credentials). An unauthorized login is the result (someone actually gets in who shouldn't). The attack is the attempt; the unauthorized login is the success. Many failed attempts signal an ongoing attack, while one suspicious successful login signals it worked.

Key things to remember about unauthorized login

  • An unauthorized login is any sign-in by someone who isn't the legitimate account owner, and it's the goal of an online password attack.

  • The three CED warning signs are many failed attempts in a short time, logins at unusual hours, and logins from unknown devices.

  • Adversaries succeed because people reuse weak, personally meaningful passwords that fit predictable patterns.

  • Long, random, unique passwords (ideally from a password manager) make guessing logins far harder.

  • Multifactor authentication is the strongest defense because a stolen password alone no longer grants access.

Frequently asked questions about unauthorized login

What is an unauthorized login in AP Cybersecurity?

It's when someone signs in to a device, service, or account they don't own. The CED frames it as the outcome of an online password attack, detectable through failed attempts, odd login times, or logins from unknown devices.

How is an unauthorized login different from a password attack?

A password attack is the method of trying to break in (guessing or reusing credentials), while an unauthorized login is the successful result. Lots of failed attempts mean an attack is happening; one suspicious successful sign-in means it worked.

Does MFA actually stop unauthorized logins?

Mostly yes. Multifactor authentication requires extra proof of identity, like a one-time code, on top of the password (EK 1.2.C.3). So even if an adversary steals your password, they still can't log in without that second factor.

What are the signs of an unauthorized login attempt?

The CED lists three: many failed login attempts over a short duration, login attempts at unusual times, and login attempts from unknown devices (EK 1.2.A.2). Spotting these in an authentication log is the core skill in Topic 1.2.

Why do unauthorized logins succeed so often?

Because people use weak, predictable passwords with pet names, birthdays, or a word-plus-number-plus-symbol pattern (EK 1.2.B.1). Adversaries build a custom dictionary from your personal info and automate the guessing.
