ITCS: Authentication
Password checklist
No simple
No sharing
Don't leave passwords lying around
Check website is secure
Change default passwords
Try password manager program
Two-factor authentication
Salting
Increasing security of stored passwords
Add random value (salt) to plaintext password before hashing process
Increases number of possible hash values for passwords
Two passwords have different hashes
Hashed password and relevant salt stored on password server
When user logs in: password + stored salt added together
Salting is only effective if
Truly random salts are used
Salt is long enough
Salt should be same length as the output hash
Attacking passwords
Dictionary attack
Brute force attack
Dictionary and brute force can be prevented by having computers watch for unsuccessful attempts
Identifying and Authentication
Way of uniquely identifying each user that prevents users from impersonating each other.
Passwords should be
Memorable enough to not write down
Long and unique
Potential Weaknesses in passwords
Password is transmitted in plaintext
SSL
Secure Sockets Layer
Most common form of encryption
https
padlock
Password is stored in plaintext
Hashing
Processing plaintext
Creates unique, fixed-length identifier
Okay if hash falls into hostile hands
Password hashed and hash is stored
Password compared to hash
Two-factor authentication
Hardware security tokens
Physical
Contain clock
Creates new one-time password
Web-based two-factor authentication
Mobile phone
Companion application