Chapter 13

Question 1

Biometric authentication:

Type I error - False negative
Type II error - False positive

Answer 1

CER: FRR = FAR
Low CER - more accurate

Enrollment - create reference profile; 2 mins acceptable
Throughput - authentication time; 6 secs acceptable

Question 2

Cognitive password

Answer 2

Security question

Question 3

Authentication Factors

Answer 3

Type 1 - something you know
Type 2 - something you have
Type 3 - something you are

Question 4

Authoritative Password Recommendations

Answer 4

NIST:
1. Must be hashed
2. Should not expire
3. Can be copied/paste
4. Should not require special chars
5. Should be able to use all chars
6. Should be 8 - 64 chars
7. Use screen passwords

PCI DSS:
1. Expire every 90 days
2. At least 12 chars
3. Both numeric and alpha
4. Pwd history of 4

Question 5

Device authenticator (Token)

Answer 5

Time-based OTP (Sync)
Hash-based OTP (Async)

Question 6

Device authentication

Answer 6

• matched registered attributes of device (fingerprinting)
• context-aware authentication; place, time of day, etc.
• use 802.1X

Question 7

SSO

Answer 7

Authenticate once to access multiple resources

Question 8

Federated Identity Mgmt (FIM)

Answer 8

• SSO for multiple orgs
• Via SAML, OpenID, OAuth, OpenID Connect

1. Cloud-based federation - user 3rd party service for fed identity sharing
2. On-premise
3. Hybrid - cloud and on-prem
4. Just-in-time - only create on first access

Question 9

Credential Manager API

Answer 9

e.g. login to Facebook from Google