2.2: User IDs and Passwords Flashcards
What are user IDs and passwords for?
A common means for users to authenticate themselves to a resource.
Electronic Password vaulting
Used by users to store their passwords.
Examples: Password Safe and KeePass
User account provisioning
User account provisioning refers to the management of user rights and privileges.
Can a password created by an admin be sent to the user by email?
In no circumstance should a password be sent via email.
Data sensitivity
The value of the data protected by access controls should be a factor in determining how user accounts are provisioned.
Risks with user IDs and Passwords
- Eavesdropping
- Phishing
- Finding a password written down
- Finding a stored password
Multifactor Authentication
Requires a user ID and password, and also that the user have something in their possession, or a biometric, that is used to form a part of the authentication.
Technologies used for multifactor authentication
- Tokens
- Soft tokens
- SMS tokens
- Smart cards
- Digital certificates
- Biometrics
Digital Certificates
An electronic document that uses a digital signature to bind a public encryption key with a user’s identity.
Biometrics
Several technologies that measure a physical characteristic of a user.
Examples of biometrics
- Fingerprint
- Handprint: a scanner designed to measure the geometry of a person’s hand.
- Palm vein
- Voice recognition
- Iris scan
- Facial scan
- Handwriting
Biometric measurements
- False reject rate: Rate at which valid subjects are rejected.
- False accept rate: Rate at which invalid subjects are accepted.
- Crossover error rate: This is the point at which the false reject rate equals the false accept rate.
When does a false reject rate occur?
This occurs when the biometric system has too small a margin of error.
When does a false accept rate occur?
This occurs when the biometric has too large a margin of error.
Biometric Usability issues
- Sanitary
- Privacy