Authentication and Access Control
10 Questions
Questions and Answers

What is the primary goal of two-factor authentication?

  • To eliminate the need for password management
  • To provide a convenient login experience
  • To reduce the number of passwords users need to remember
  • To add an extra layer of security to the authentication process (correct)

Which type of access control is based on a set of rules?

  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Mandatory Access Control (MAC) (correct)
  • Discretionary Access Control (DAC)

What is a potential challenge of biometric authentication?

  • Limited accuracy and reliability (correct)
  • Improved security against spoofing attacks
  • High cost of implementation
  • Increased convenience for users

What is the primary benefit of single sign-on (SSO)?

  • Convenience for users through reduced password burden

What is a recommended best practice for creating and managing passwords?

  • Using a password manager to generate and store passwords

What is the purpose of hashing and salting passwords?

  • To store passwords securely and protect against unauthorized access

What is a type of single sign-on (SSO) that uses a standardized protocol?

  • Federated SSO using SAML or OpenID Connect

What is a potential advantage of biometric authentication?

  • Unique and difficult to replicate characteristics

What is the purpose of authentication in access control?

  • To verify the claimed identity of a user

What is a potential risk associated with password management?

  • Leakage of password data through insecure storage

Study Notes

Authentication

Two-Factor Authentication

• Adds an extra layer of security to the authentication process
• Requires two forms of verification:
  • Something you know (password, PIN, etc.)
  • Something you have (smart card, token, etc.) or something you are (biometric)
• Examples:
  • One-time password (OTP) sent to a mobile device
  • Authenticator app that generates a time-based code

Access Control

• Process of controlling and managing access to resources and systems
• Involves:
  • Identification: claiming an identity
  • Authentication: verifying the claimed identity
  • Authorization: determining access rights based on authenticated identity
• Types of access control:
  • Mandatory Access Control (MAC): access is determined by a set of rules
  • Discretionary Access Control (DAC): access is determined by the owner of the resource
  • Role-Based Access Control (RBAC): access is determined by a user's role within an organization

Biometric Authentication

• Uses unique physical or behavioral characteristics to verify identity
• Examples:
  • Fingerprint recognition
  • Facial recognition
  • Iris scanning
  • Voice recognition
  • Handwriting recognition
• Advantages:
  • Unique and difficult to replicate
  • Convenient and easy to use
• Challenges:
  • Privacy concerns
  • Accuracy and reliability issues
  • Spoofing attacks (e.g., using fake biometric data)

Single Sign-on (SSO)

• Allows users to access multiple systems or applications with a single set of login credentials
• Benefits:
  • Convenience: users only need to remember one set of credentials
  • Increased security: reduces the risk of password-related security breaches
• Types of SSO:
  • Kerberos-based SSO
  • Token-based SSO
  • Federated SSO (e.g., using SAML or OpenID Connect)

Password Management

• Best practices for creating and managing passwords:
  • Use strong, unique passwords for each account
  • Use a password manager to generate and store passwords
  • Avoid common passwords and password patterns
  • Regularly update and change passwords
• Password storage and security:
  • Hashing and salting passwords for secure storage
  • Using password-based key derivation functions (PBKDFs) for secure authentication


Description

Test your knowledge of authentication and access control methods, including two-factor authentication, biometric authentication, single sign-on, and password management. Learn about the different types of access control and best practices for creating and managing passwords.
