Security Operations: Examining Password Security Flashcards

1
Q

How can you edit password complexity locally?

A

Local Group Policy Editor (gpedit.msc) or Local Security Policy (secpol.msc): Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy. This is where minimum length, complexity requirements, maximum age and password history are set. On a domain-joined machine the domain GPO overrides whatever is configured locally; "net accounts" at a command prompt shows the values actually in effect.

2
Q

What is the best way to avoid password attacks?

A

Avoid predictable patterns: dictionary words with symbol substitutions (e.g. P@ss, P@ssw0rd), keyboard walks and appended years are all covered by standard cracking rulesets, so they add little real strength. Use long, unique passwords or passphrases for each account (length matters more than symbol swapping), never reuse them across services, and add MFA so a leaked password alone is not enough.

3
Q

How can you keep up and manage passwords?

A

A password manager (to generate and store a unique random password per site) and the built-in Windows Credential Manager (Control Panel > Credential Manager, which stores saved Windows and web credentials).

4
Q

What are the additional considerations?

A

Zero Trust (never trust implicitly, always verify, always assume breach)
Passwordless authentication (factors that are not knowledge-based: something you have or something you are)
MFA (at least two independent factors)
HOTP and TOTP one-time passwords (RFC 4226 and RFC 6238)
Fast Identity Online (FIDO): UAF (FIDO 1.x passwordless) and FIDO2 (WebAuthn + CTAP2)

5
Q

What are the examples of HOTPs and TOTPs?

A

Example Use Cases

HOTP (counter-based, RFC 4226):

Hardware tokens: physical devices that generate an OTP when a button is pressed; each press increments the counter. Caveat: if the button is pressed without logging in, the token runs ahead of the server, so servers accept a look-ahead window and re-synchronise on the next valid code.

Transaction authentication: each transaction gets its own counter value, so a code is tied to one event and cannot be replayed for another.

TOTP (time-based, RFC 6238):

Mobile authenticator apps: Google Authenticator, Authy and similar apps derive the counter from the device's current time (typically 30-second steps), so codes expire on their own. Caveat: clock drift on the phone breaks codes, so servers normally accept one step either side.

Web services: online platforms that offer a second factor commonly use TOTP because it needs no network connection and no counter state on the client, only a shared secret enrolled once (usually via a QR code).

6
Q

What is FIDO UAF/FIDO2?

A

FIDO replaces the shared secret (a password the server must store and check) with per-site public-key cryptography. At registration the authenticator generates a key pair for that site: the private key never leaves the device, and the server stores only the public key.

At login the server sends a random challenge. After a local user-verification step (fingerprint, face scan, PIN or pattern) the authenticator signs the challenge together with the site identifier and the origin the browser is actually on, and the server checks the signature with the stored public key. Nothing reusable crosses the wire, so a breached server leaks nothing usable, and because the signed data is bound to the genuine origin, a phishing site or a man-in-the-middle proxy cannot replay the response.

UAF is the FIDO 1.x passwordless protocol; FIDO2 is WebAuthn (the browser API) plus CTAP2 (the protocol between browser and authenticator).

https://www.youtube.com/watch?v=k55tRpnI-6o

Authenticators can be platform built-ins (Windows Hello, Touch ID) or roaming security keys such as YubiKeys (USB/NFC tokens).
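The phishing-resistance claim above comes down to what the authenticator signs. The following added example (not from the flashcards or any FIDO implementation) models a FIDO2/WebAuthn assertion in Go: the device signs rpIdHash plus a hash of the browser-built clientData (challenge and origin), and the relying party checks those fields before the signature. Real WebAuthn uses CBOR, COSE keys, flags and a signature counter; those are assumed away here, and the domain names, the "constructed" challenge and the Demo helper are illustrative.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Authenticator models a FIDO2 device holding one credential; the private key never leaves it.
type Authenticator struct {
	rpID string // domain the credential was registered for
	priv *ecdsa.PrivateKey
}

// clientData is built by the browser, not the page: the RP's challenge plus the real origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is the login response (real authenticatorData also has flags and a counter).
type Assertion struct {
	AuthData   []byte // sha256(rpID)
	ClientData []byte // JSON-encoded clientData
	Sig        []byte // ECDSA P-256 over AuthData || sha256(ClientData)
}

func NewAuthenticator(rpID string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{rpID: rpID, priv: priv}, nil
}

// Sign runs after the local user check (touch, fingerprint, PIN) and binds the challenge to rpID and origin.
func (a *Authenticator) Sign(challenge, browserOrigin string) (Assertion, error) {
	cd, _ := json.Marshal(clientData{"webauthn.get", challenge, browserOrigin}) // cannot fail for plain strings
	rpHash := sha256.Sum256([]byte(a.rpID))
	cdHash := sha256.Sum256(cd)
	msg := sha256.Sum256(append(rpHash[:], cdHash[:]...))
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, msg[:])
	return Assertion{AuthData: rpHash[:], ClientData: cd, Sig: sig}, err
}

// Verify is the RP side; every checked field is under the signature, so a proxy cannot rewrite it.
func Verify(pub *ecdsa.PublicKey, rpID, expectedOrigin, challenge string, as Assertion) error {
	var cd clientData
	if err := json.Unmarshal(as.ClientData, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != challenge {
		return errors.New("wrong ceremony type or stale/replayed challenge")
	}
	if cd.Origin != expectedOrigin {
		return fmt.Errorf("origin %q != %q: assertion was produced on another site", cd.Origin, expectedOrigin)
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(as.AuthData, rpHash[:]) {
		return errors.New("rpIdHash mismatch")
	}
	cdHash := sha256.Sum256(as.ClientData)
	msg := sha256.Sum256(append(rpHash[:], cdHash[:]...))
	if !ecdsa.VerifyASN1(pub, msg[:], as.Sig) {
		return errors.New("bad signature")
	}
	return nil
}

// Demo runs a genuine login and a phished one against the same RP and returns both results.
func Demo() (legitErr, phishErr error) {
	const rpID, origin = "example.com", "https://example.com"
	auth, err := NewAuthenticator(rpID)
	if err != nil {
		return err, err
	}
	challenge := "constructed-challenge; a real RP sends fresh random bytes"
	as, _ := auth.Sign(challenge, origin) // browser really is on https://example.com
	legitErr = Verify(&auth.priv.PublicKey, rpID, origin, challenge, as)
	// Phishing: a proxy at evil.example relays the RP's real challenge, but the browser
	// signs origin=evil.example, so the RP rejects it (a real browser would refuse even
	// earlier, since "example.com" is not a valid rpID for evil.example).
	phished, _ := auth.Sign(challenge, "https://evil.example")
	phishErr = Verify(&auth.priv.PublicKey, rpID, origin, challenge, phished)
	return legitErr, phishErr
}

func main() {
	legit, phish := Demo()
	fmt.Println("genuine login:", legit)
	fmt.Println("phished login:", phish)
}
```

Contrast this with a TOTP code relayed by the same proxy: the six digits carry no origin, so the relay succeeds. The origin and challenge checks in Verify are what make the signature useless anywhere except the site the user actually typed into.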
