Security Operations: Examining Password Security Flashcards
How can you edit password complexity locally?
Local Group Policy Editor (gpedit.msc), or the Local Security Policy console (secpol.msc): Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy (minimum length, complexity, history, maximum age). Domain-joined machines take these settings from domain GPOs instead, so local edits are overridden there.
What is the best way to avoid password attacks?
Avoid predictable patterns such as dictionary words with character substitutions (e.g. P@ss for pass); cracking tools apply those substitution rules first. Use long, unique passphrases per account, and add MFA so a leaked password alone is not enough.
How can you keep track of and manage passwords?
A password manager (generates and stores a unique password per site) and the operating system's credential store, e.g. Windows Credential Manager.
What are the additional considerations?
Zero Trust (always verify, assume breach)
Passwordless authentication (secrets that are not knowledge-based: something you have or something you are)
MFA
HOTPs and TOTPs (HMAC-based and time-based one-time passwords, RFC 4226 and RFC 6238)
Fast Identity Online (FIDO) (UAF, FIDO2)
What are examples of HOTPs and TOTPs?
Example use cases
HOTP:
Hardware tokens: physical devices that generate an OTP when a button is pressed; each press increments the counter, so the server keeps a look-ahead window to resynchronise with presses that never reached it.
Transaction authentication: each transaction gets its own one-time code, so every transaction is uniquely authorised.
TOTP:
Mobile authenticator apps: Google Authenticator, Authy and similar derive the OTP from the shared secret and the current 30-second time step, so the phone's clock must be roughly in sync with the server.
Web services: online platforms that offer a second layer of authentication commonly use TOTP; the shared secret is provisioned once, usually by scanning a QR code.
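To make the counter-based versus time-based distinction concrete, here is an added example (not part of the original flashcards) implementing HOTP (RFC 4226) and TOTP (RFC 6238) in Go with the standard library only, plus the two server-side checks the use cases above imply: a look-ahead window for a hardware token whose counter has drifted, and a one-step clock-skew window for an authenticator app. The secret is the RFC test vector, used here only so the outputs can be checked against the published values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

// hotp implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation to a 31-bit value, then reduction modulo 10^digits.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// totp implements RFC 6238: the HOTP counter is the number of whole time steps
// (30 s by default) since the Unix epoch, so both sides need a roughly synced clock.
func totp(secret []byte, t time.Time, step time.Duration, digits int) string {
	counter := uint64(t.Unix()) / uint64(step.Seconds())
	return hotp(secret, counter, digits)
}

// verifyHOTP accepts a code within a small look-ahead window above the last
// counter the server stored, which resynchronises a hardware token after button
// presses that never reached the server. It returns the counter to store next,
// so an accepted code can never be replayed.
func verifyHOTP(secret []byte, lastCounter uint64, window int, code string) (uint64, bool) {
	for i := 1; i <= window; i++ {
		c := lastCounter + uint64(i)
		if hmac.Equal([]byte(hotp(secret, c, 6)), []byte(code)) {
			return c, true
		}
	}
	return lastCounter, false
}

// verifyTOTP tolerates one step of clock skew either side. A real server must
// also remember the last accepted time step and refuse a second use of it.
func verifyTOTP(secret []byte, now time.Time, code string) bool {
	const step = 30 * time.Second
	for _, skew := range []time.Duration{-step, 0, step} {
		if hmac.Equal([]byte(totp(secret, now.Add(skew), step, 6)), []byte(code)) {
			return true
		}
	}
	return false
}

func main() {
	// RFC 4226 / RFC 6238 test secret; a real deployment uses a random per-user secret.
	secret := []byte("12345678901234567890")
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("HOTP counter %d: %s\n", c, hotp(secret, c, 6))
	}
	fmt.Println("TOTP (8 digits) at t=59s:", totp(secret, time.Unix(59, 0), 30*time.Second, 8))
	fmt.Println("TOTP now:", totp(secret, time.Now(), 30*time.Second, 6))
}
```

Note that both comparisons use hmac.Equal, so a wrong digit does not leak timing information, and that the window logic is where deployments usually go wrong: a large HOTP window or an unbounded TOTP skew window lets an attacker brute-force far more candidate codes per attempt.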
What is FIDO UAF/FIDO2?
The server never receives or stores a password. At registration the authenticator creates a key pair and the server keeps only the public key.
FIDO uses public key cryptography: to log in, the server sends a random challenge, the authenticator signs it with the private key (which never leaves the device), and the server verifies the signature with the stored public key.
The user unlocks the authenticator locally with a fingerprint, face scan or PIN/pattern; that biometric is never sent to the server. Because the signed data is bound to the site's origin, a phishing site or a man in the middle cannot obtain a signature the real server will accept.
https://www.youtube.com/watch?v=k55tRpnI-6o
You can use YubiKeys (USB/NFC hardware tokens) as FIDO authenticators.
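The following is an added example, not code from the flashcards or from any FIDO implementation, that models the challenge-response flow described above in Go using the standard library's ECDSA (P-256). The Authenticator and RelyingParty types, the per-origin key map, and the userVerified flag standing in for the fingerprint/PIN check are all simplifications assumed for illustration; real WebAuthn signs over the RP ID hash plus a hash of the client data, which is what the signedMessage helper mimics. The point it demonstrates is why phishing fails: the authenticator only holds a credential for the genuine origin, and a signature made for any other origin does not verify at the real server.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedMessage binds the origin the browser reported and the server's fresh
// challenge into the hash that is actually signed (a stand-in for WebAuthn's
// authenticatorData || SHA-256(clientDataJSON)).
func signedMessage(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator so origin and challenge cannot be re-split
	h.Write(challenge)
	return h.Sum(nil)
}

// Authenticator models a security key or platform authenticator: one private
// key per origin, never exported, used only after local user verification.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

// Register creates a fresh P-256 key pair for an origin and returns only the public key.
func (a *Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[origin] = priv
	return &priv.PublicKey, nil
}

// Sign answers a challenge for the origin the browser reports. userVerified
// stands in for the on-device fingerprint/face/PIN check (assumed model); the
// biometric itself is never transmitted. An origin with no credential is refused.
func (a *Authenticator) Sign(origin string, challenge []byte, userVerified bool) ([]byte, error) {
	if !userVerified {
		return nil, errors.New("local user verification failed")
	}
	priv, ok := a.keys[origin]
	if !ok {
		return nil, fmt.Errorf("no credential registered for origin %q", origin)
	}
	return ecdsa.SignASN1(rand.Reader, priv, signedMessage(origin, challenge))
}

// RelyingParty models the server: it stores a public key only, so a database
// breach yields nothing that can be used to log in.
type RelyingParty struct {
	origin  string
	pub     *ecdsa.PublicKey
	pending map[string]bool // issued but not yet consumed challenges
}

func NewRelyingParty(origin string, pub *ecdsa.PublicKey) *RelyingParty {
	return &RelyingParty{origin: origin, pub: pub, pending: map[string]bool{}}
}

// Challenge issues 32 random bytes; each challenge is single-use, which defeats replay.
func (rp *RelyingParty) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[string(c)] = true
	return c, nil
}

// Verify checks the challenge is outstanding, consumes it, and verifies the
// signature over the server's own origin, so a signature for any other origin fails.
func (rp *RelyingParty) Verify(challenge, sig []byte) bool {
	if !rp.pending[string(challenge)] {
		return false
	}
	delete(rp.pending, string(challenge))
	return ecdsa.VerifyASN1(rp.pub, signedMessage(rp.origin, challenge), sig)
}

func main() {
	auth := NewAuthenticator()
	pub, _ := auth.Register("example.com")
	rp := NewRelyingParty("example.com", pub)
	// Genuine login: challenge, local unlock, signature, verification.
	ch, _ := rp.Challenge()
	sig, _ := auth.Sign("example.com", ch, true)
	fmt.Println("genuine login verifies:", rp.Verify(ch, sig))
	// Phishing: a look-alike site relays the real challenge, but the browser reports
	// origin examp1e.com, for which the authenticator holds no credential.
	ch2, _ := rp.Challenge()
	_, err := auth.Sign("examp1e.com", ch2, true)
	fmt.Println("phishing attempt:", err)
}
```

Two things the model makes visible that a password flow lacks: the server's secret material is a public key, so it cannot be replayed or cracked, and the origin is part of what is signed, so even an attacker who tricks the user into registering with a look-alike domain gets a signature that is useless against the real site.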