Lecture 6 - Authentication

Question 1

What is Authentication

Answer 1

They are who they say they are & they are permitted to access

Question 2

TOCTTOU

Answer 2

Time of check to time of use.
Repeated authentication.
At start, during a session.

Question 3

What is Passwords

Answer 3

Digital keys,

Question 4

Problems with passwords

Answer 4

People forget them
Can be guessed
Spoofing and Phishing
Keylogging
Compromised password files
Weak Passwords

Question 5

Password Policies

Answer 5

Certain length and type of char
no dictionary words
regularly change
no previously used passwords

Question 6

Storing Passwords

Answer 6

One-way hash functions
Cant be looked up by admin
Stored in shadow file, read protected.

Question 7

Types of password attacks

Answer 7

Online - on login terminals (phishing)
Offline - When password hash is obtained (brute force)
Dictionary Attacks - uses of common words.
Pretexting - obtaining private details by offering some pretext as a reason for needing them.

Question 8

Password Salting

Answer 8

Adding a random “salt” before hashing.
Assign random salt for each user
Prevent massive leaks.

Question 9

2-Factor Authentication

Answer 9

Text codes to mobile
Google authenticator
USB Device
TOCTTOU

Question 10

Password Alternatives

Answer 10

Biometrics - trade off between false +/-. accuracy is improtant
Location - not reliable on its own.