Lec 6: User Authentication

Question 1

What evidence can you provide that you are who you say you are to authenticate a human to a computer?

Answer 1

Question 2

How do text passwords work? What questions do you need to consider when creating them?

Answer 2

Question 3

What are the prime move issues?

Answer 3

Question 4

What are the issues with password choice?

Answer 4

Question 5

What are the keypoints to “Users are not the enemy” by Adams and Sasse?

Answer 5

Question 6

What are the unintended consequences of reasonable ideas?

Answer 6

Question 7

What are the pitfalls in username and password design that make it possible to guess repeatedly?

Answer 7

Question 8

What were the results of [Morris & Thompson 79] Survey of 3,289 Passwords when there were no constraints on choice of password?

Answer 8

Question 9

How can users leak their passwords?

Answer 9

Question 10

How do fake authentication programs work?

Answer 10

Question 11

How does the Tenex password scheme work?

Answer 11

Question 12

How do you break Tenex in linear time?

Answer 12

Question 13

How can passwords be stolen in transit?

Answer 13

Question 14

How does attacking passwords in memory work?

Answer 14

Question 15

How does the unix password scheme work?

Answer 15

Question 16

What is the solution to the Unix password scheme?

Answer 16

Question 17

How do we know if adding salt is a good solution?

Answer 17

Question 18

How were Windows 95/98 passwords handled and what was problem with them? How were passwords dealt with in Windows NT/2000/XP?

Answer 18

Question 19

What are the misc practical issues with passwords?

Answer 19

Question 20

How does password reset work?

Answer 20

Question 21

How do Graphical passwords work? What are the potential faults?

Answer 21

Question 22

What are examples of recognition-based graphical passwords?

Answer 22

Question 23

How do we solve the problem of passwords being imperfect?

Answer 23

Question 24

In general, how do one time passwords work?

Answer 24

Question 25

How do hash-chain 1-time passwords work?

Answer 25

Question 26

How does one-time passwords ith authentication work?

Answer 26

Question 27

Why do 1-time passwords work?

Answer 27

Question 28

What are other kinds of cryptographic tokens?

Answer 28

Question 29

What do one-time passwords depend on?

Answer 29

Question 30

What is biometrics? What are its advantages

Answer 30

Question 31

What are some real-world biometric ids?

Answer 31

Question 32

What is the history of fingerprinting?

Answer 32

Question 33

What are the technology issues and challenges of biometrics?

Answer 33

Question 34

How do fingerprint scanners work? What are their characteristics?

Answer 34

Question 35

How do hand scanners work? What are their characteristics?

Answer 35

Question 36

How do eye scanners work and what are their characteristics?

Answer 36

Question 37

What are other examples of biometrics?

Answer 37

Question 38

What are enrollment issues of biometrics?

Answer 38

Question 39

How do we know how strong a biometric is?

Answer 39

Question 40

How do we test non-adversarial biometric strength?

Answer 40

Question 41

When is interception used? What are the challenges?

Answer 41

Question 42

What allows spoofing to happen?

Answer 42

Question 43

What are latent fingerprints?

Answer 43

Question 44

How does fingerprint forgery work (Matsumoto)?

Answer 44

Question 45

How do you make a gummy finger from a latent print?

Answer 45

Question 46

Can adversaries just cut our finger off to pass biometrics test?

Answer 46

Question 47

What are some anti-spoof techniques?

Answer 47

Question 48

T/F: There are spoofing techniques for virtually all biometrics?

Answer 48

True

Question 49

What is one approach to stronger security using biometrics?

Answer 49

Question 50

What are the social issues involved with biometrics?

Answer 50