Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Authentication Factors module. In this module, we will discuss something a user knows authentication. Passwords are the most common type of something a user knows authentication. They provide the least expensive method of authentication, but they're also the least secure. Once an attacker is able to discover a user's password, they can very easily impersonate that user.
Users typically do not know that their password has been stolen, and therefore do not know that someone is logging in pretending to be them. Passwords can be stolen using social engineering, which is a non-technical attack where the user is tricked into providing their password to a non- authorized individual.
You can also have dictionary attacks and brute force attacks, which attempt to guess the user's password. It is important to have user training and a strict password policy in order to increase your security. Users often write down their passwords or choose passwords that are easy to guess from a dictionary.
And users very rarely change their password. So it's important to have complex passwords of a significant length with symbols, numbers, upper case, and lower case letters. You can use password generators to create complex passwords, but again if they are complex users may just write them down. And it's best to use complex pass phrases, but these are not always allowed due to limitations in systems.
We do have some best practices we can follow as it relates to passwords to increase security. In order to prevent brute force attacks, we should make sure that passwords are at least 12 characters long. We should also make sure that users are not using dictionary words, because this makes them very easy to guess.
The system should have a threshold or clipping level of a number of failed log in attempts before the user is locked out. Typically this is three to five attempts. Our systems should maintain an audit log with the date and time and the user id, and the work station they were attempting to log in from.
And then an administrator should be reviewing this log of failed attempts in order to determine if there is an active attack on the network. Once the user's password has been locked out for too many failed password attempts, they should either need to contact and administrator to unlock their account or go through some type of self service password reset system.
That should ask them additional verification questions before unlocking their account. We should also change our passwords frequently, because once someone obtains our password they're able to use that password forever until we change it. The password life should be short but practical. Changing the password every 60 to 90 days is about average.
Cognitive passwords are very easy to remember for the user, but it's also very easy for an unauthorized individual to crack these passwords. These password questions are usually facts or opinions based on information about the user. Things like a mother's maiden name, a pet's name of a favorite color.
Although these are very easy for your user to remember, they are also easy for an attacker to guess. Things like your mother's maiden name can be located in public records and an attacker could use that to impersonate one of your users. It is best to use information that is not true when answering these questions in order to prevent an attacker from gaining access to accounts.
Often passwords are reset by having access to these questions. So if an attacker is not able to guess the user's password, they'll simply reset the user's password and enter the answer to the question like what's my favorite pet's name. They're able to determine the user's pet's name and then reset their password.
We want to use strong passwords. And one method of doing this is a pass phrase. This is a sequence of characters including spaces. And it's usually longer than a password. These longer passwords resist dictionary attacks because they're not actually using dictionary words. And they resist brute force attacks because of their length.
It's important to find passwords that are easy for a user to remember. And that way, the user will not have to write the passwords down, creating a security risk. Once passwords are entered into a system, the system will transform the password into a virtual password or hash. And store it as a hash rather than storing the actual password.
This helps to prevent an attack where a user captures a password database and has access to the passwords for all of the users. This concludes our authentication factors module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!