Authentication Management

Question 1

Password Keys

Answer 1

This looks like a USB device and works in a conjunction with your password to provide multifactor authentication. An example of this is YubiKey.

Question 2

YubiKey

Answer 2

It’s a Federal Information Processing Standards (FIPS) 140-2 validation that provides the highest-level Authenticator Assurance Level 3 (AAL3) used for storing passwords

Question 3

Password Vaults

Answer 3

Password Vaults are stored locally on the device and store all of your passwords so that y ou don’t need to remember them. It uses AES-256 encryption, so it makes storage secure. A vault is only as secure as the master password that is used to protect the vault itself and normally employs multifactor authentication.

Question 4

Trusted Platform Module (TPM)

Answer 4

TPM chips are normally built into the motherboard of a computer and they are used when you are using Full Disk Encryption (FDE). An example of FDE would be Bitlocker.

Question 5

Hardware Security Module (HSM)

Answer 5

HSM can be a removable device that can be attached to a computer or a server via a USB connection. They are also used to store encryption keys, a key escrow who holds the private keys for third parties and stores them in an HSM.

Question 6

Knowledge-Based Authentication (KBA)

Answer 6

This is normally used by banks, financial institutions, or email providers to identify someone when they want a password reset.

Question 7

Static KBA

Answer 7

These are questions that are common to the user. For example, “What is the name of your first school?” this can be considered weak.

Question 8

Dynamic KBA

Answer 8

These are deemed to be more secure because they do not consist of questions provided beforehand.