Authentication
1. Introduction to Authentication
Authentication is a crucial initial step in access control. It verifies users' identities before granting access to systems.
2. Common Authentication Factors
Three primary factors are commonly used:
Something You Know: E.g., passwords, security questions.
Something You Have: E.g., smart cards, tokens.
Something You Are: E.g., biometric methods like fingerprints.
3. Authentication Systems
An authentication system matches provided credentials against a database of authorized users.
Common types of authentication systems include:
Multi-Factor Authentication (MFA): Combines multiple authentication methods.
Two-Factor Authentication (2FA): Requires two types of authentication.
Biometrics: Uses unique physical traits.
Tokens: E.g., hardware or software tokens.
4. Explanation of Authentication Factors
Authentication factors can be categorized as:
Knowledge-based: Passwords, PINs, security questions.
Possession-based: Hard tokens, SMS OTPs, security keys.
Inheritance-based: Biometric scans such as fingerprints, iris recognition, and facial recognition.
5. Passwords and Related Methods
Passwords: The most common knowledge-based factor for user authentication.
Personal Identification Numbers (PINs): A numerical code serving as an authentication credential.
Security Questions: Serve as an additional layer of identity verification.
6. Possession Factors
Possession factors require a physical object for access:
SMS One-Time Passwords (OTPs): Sent to a user's registered phone number.
Hardware Tokens: Devices that generate or store authentication credentials.
Security Keys: USB devices providing two-factor authentication.
7. Biometric Authentication
Fingerprint Scans: Unique and reliable for access control.
Iris Recognition: High accuracy rates and unique identification.
Facial Authentication: Uses dynamic facial features for verification.
8. Additional Factors in Authentication
Location Factors: Use geolocation to verify user locations before granting access.
Behavior Factors: Actions, such as drawing a pattern, to determine authorization.
9. MFA and 2FA Overview
Single-Factor Authentication: Involves just one type of evidence (e.g., a password).
Multi-Factor Authentication (MFA): Requires two or more authentication methods from different categories.
Two-Factor Authentication (2FA): Involves two authentication methods, both from distinct categories.
10. Advantages of MFA
Reduces the risk of unauthorized access even if a password is compromised.
Popular methods include:
Text or Voice Message Verification.
Application-based MFA.
Biometric Methods.
11. Protecting Authentication Factors
Essential to secure authentication mechanisms and data:
Knowledge Factors: Use complex passwords resistant to brute-force attacks.
Possession Factors: Protect from replication and unauthorized use.
Biometric Data: Guard against unauthorized copying and use.
12. Password Security Evolution
Plaintext: The simple unencrypted form of data.
Hashing: A way to store passwords securely by converting to a fixed-size string.
Salting: Adds random data to passwords before hashing for better security.
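The three storage schemes above (and the "strong hashing functions" of section 15), as an added Python example that is not part of these notes; the record format, the user name and the PBKDF2 iteration count are constructed for the demonstration:

```python
import hashlib
import hmac
import os

# Constructed record layout: "pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>"
ITERATIONS = 200_000  # illustrative; tune upward for production hardware


def plaintext_store(password: str) -> str:
    """Stage 1, plaintext: the secret itself is the stored record."""
    return password


def unsalted_hash(password: str) -> str:
    """Stage 2, plain hashing: fixed-size digest, but identical passwords produce
    identical records and one precomputed table works against every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Stage 3, salt + slow hash: a random per-user salt is stored next to the digest,
    and a deliberately slow KDF (PBKDF2-HMAC-SHA256) raises the cost of guessing."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and parameters; compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def same_password_collides(scheme, password: str = "hunter2") -> bool:
    """True if two users with the same password get the same stored record."""
    return scheme(password) == scheme(password)
```

With salting, two accounts sharing a password no longer share a record, so a leaked table reveals neither that fact nor a reusable lookup key.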
13. Future of Password Security
Multi-Layered Authentication: Increasing use of diverse password requirements.
Biometrics: Utilizing physical traits instead of text passwords.
Artificial Intelligence: Potential for AI to enhance password security by responding to hacking attempts.
14. Building a Strong Password System
Importance of effective password management in protecting sensitive information.
Adhere to best practices to uphold users’ trust and security.
15. Balancing Security Factors
Database Hygiene: Use strong hashing functions so that a leaked credential database does not expose usable passwords.
User-Friendly Access: Ensure services are quick and secure concurrently.
Maintainability: Rely on proven, reliable security practices and algorithms.
16. Password Cracking Evolution
Definition of password: A secret string used for authentication.
Historical context: Passwords date back to ancient soldiers, who used watchwords to control entry.
17. Password Cracking Methods
Password cracking aims to gain unauthorized system access, often through two phases:
Dumping password hashes.
Cracking those hashes through various methods.
18. Tools for Password Cracking
Examples include Cain and Abel and John the Ripper, which use CPU and GPU support to crack passwords efficiently.
Strong, complex passwords significantly increase the time needed for successful cracking.
19. Types of Authentication
Password-based authentication.
Multi-factor authentication.
Certificate-based authentication.
Biometric authentication.
Token-based authentication.
20. Authentication Tokens
Definition: A credential that verifies a user's identity to grant secure access.
Types include:
Hardware Tokens: Physical objects used for authentication.
Software Tokens: Generated by applications, often for 2FA.
21. Common Authentication Token Types
JWT (JSON Web Token).
OAuth Tokens.
SAML Tokens.
22. Password Guessing Attack
Classifications of attacks include:
Dictionary Attacks.
Brute Force Attacks.
Keylogger Attacks.
Man-in-the-Middle Attacks.
Credential Stuffing Attacks.
23. Types of Password Attacks
Phishing.
Man-in-the-Middle Attacks.
Brute Force Attacks.
Dictionary Attacks.
Credential Stuffing.
Keyloggers.
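Two of the attack types listed in sections 22 and 23 leave a characteristic footprint in authentication logs: brute force / dictionary attacks (many failures against one account) and credential stuffing (one source trying many different accounts). An added Python detector, not part of these notes, run over constructed sample log lines in an assumed format; the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Assumed log format for this example: "<timestamp> auth FAIL|OK user=<name> ip=<addr>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

SAMPLE_LOG = [  # constructed sample, not real logs
    "2024-05-01T10:00:01Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:02Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:03Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:04Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:05Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:06Z auth FAIL user=alice ip=10.0.0.5",
    "2024-05-01T10:00:09Z auth OK user=alice ip=10.0.0.5",
    "2024-05-01T10:01:00Z auth FAIL user=bob ip=203.0.113.9",
    "2024-05-01T10:01:01Z auth FAIL user=carol ip=203.0.113.9",
    "2024-05-01T10:01:02Z auth FAIL user=dave ip=203.0.113.9",
    "2024-05-01T10:01:03Z auth FAIL user=erin ip=203.0.113.9",
    "2024-05-01T10:02:00Z auth OK user=frank ip=198.51.100.7",
    "garbage line that does not parse",
]


def parse(lines):
    """Yield dicts for lines matching the assumed format; skip anything else."""
    for line in lines:
        match = LOG_LINE.match(line)
        if match:
            yield match.groupdict()


def detect(lines, brute_threshold=5, stuffing_threshold=4):
    """Return sorted (kind, subject) findings.
    brute_force: one account with >= brute_threshold failures (password guessing).
    credential_stuffing: one IP failing against >= stuffing_threshold distinct accounts."""
    fails_per_user = defaultdict(int)
    users_per_ip = defaultdict(set)
    for event in parse(lines):
        if event["result"] != "FAIL":
            continue
        fails_per_user[event["user"]] += 1
        users_per_ip[event["ip"]].add(event["user"])
    findings = [("brute_force", u) for u, n in fails_per_user.items() if n >= brute_threshold]
    findings += [("credential_stuffing", ip) for ip, us in users_per_ip.items()
                 if len(us) >= stuffing_threshold]
    return sorted(findings)
```

Phishing, keyloggers and man-in-the-middle attacks produce a successful login with the real password and so do not show up in failure counts; they are where the MFA of sections 9 and 10 matters.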
24. Understanding Authentication Policies
Authentication policies help define settings for user verification in an organization.
25. Introduction to Kerberos
Kerberos Protocol: Uses a trusted third-party to authenticate users securely without transmitting passwords.
26. Kerberos Authentication Process
Process Steps:
Client requests a TGT from the KDC.
Receives a ticket to access specific services.
Uses the ticket to authenticate to the intended server.
27. Overview of Kerberos
Functionality: Proves identity through encrypted "tickets" without transmitting passwords over the network.
28. Important Notes on Kerberos
Authentication is implicit (proved by the ability to decrypt), and sensitive information is encrypted.
Passwords are never stored or transmitted in clear text.
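A simulation of the first two Kerberos steps of section 26 and the points of sections 27 and 28, as an added Python example that is not part of these notes and not Kerberos code. The realm, principal, password and a small HMAC-based "seal" stand in for real Kerberos encryption types; they are constructed for the example. The same authenticator check the TGS performs is what the target server performs in step 3.

```python
import hashlib
import hmac
import json
import os

# Toy sealing for this simulation only (HMAC-SHA256 keystream XOR plus a MAC tag); real Kerberos uses AES-based encryption types.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body)))))

def long_term_key(password, principal):
    # The client's key is derived from the password; the KDC stores only this derived key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

KDC_DB = {"alice@EXAMPLE": long_term_key("correct horse", "alice@EXAMPLE")}  # constructed entry
KRBTGT_KEY = os.urandom(32)  # ticket-granting key, known only to the KDC

def as_exchange(principal):
    """Step 1 (AS-REQ/AS-REP): the client names itself; the KDC returns the session key sealed
    under the client's long-term key and a TGT sealed under the krbtgt key. No password is sent."""
    session_key = os.urandom(32).hex()
    return (seal(KDC_DB[principal], {"sk": session_key}),
            seal(KRBTGT_KEY, {"client": principal, "sk": session_key}))

def client_open_reply(password, principal, enc_part):
    """Only a client holding the right password can open its part of the reply; that decryption
    is the implicit proof of identity (a wrong password raises ValueError)."""
    return unseal(long_term_key(password, principal), enc_part)["sk"]

def tgs_verify(tgt, authenticator):
    """Step 2 (TGS-REQ): open the TGT with the krbtgt key, then check that the authenticator was
    sealed under the session key the TGT carries, so the presenter really is the ticket's client."""
    inner = unseal(KRBTGT_KEY, tgt)
    return unseal(bytes.fromhex(inner["sk"]), authenticator)["client"] == inner["client"]

def run_demo(password="correct horse"):
    enc_part, tgt = as_exchange("alice@EXAMPLE")
    try:
        sk = client_open_reply(password, "alice@EXAMPLE", enc_part)
    except ValueError:  # wrong password: the reply cannot be opened, so there is nothing to present
        return False
    return tgs_verify(tgt, seal(bytes.fromhex(sk), {"client": "alice@EXAMPLE"}))
```

Nothing password-derived ever travels over the wire: the client proves who it is by being able to open the KDC's reply, and the TGT can only be read and checked by the party that holds the krbtgt key.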