Password Security and Authentication

Study Flashcards Play Quiz

Questions and Answers

What is the primary purpose of using a salt value in password hashing?

To prevent duplicate passwords and make offline dictionary attacks more difficult

What is the main benefit of password hashing in terms of password security?

It prevents cybercriminals from getting access to the passwords file

What type of attack is made more difficult by the use of hashed passwords and salt values?

Offline dictionary attack

What is the primary function of the ID in discretionary access control?

To determine the privileges accorded to the user Signup and view all the answers

What is the purpose of designing a hash algorithm to be slow to execute?

To thwart attacks Signup and view all the answers

What is a common type of password vulnerability?

Exploiting multiple password use Signup and view all the answers

What is the primary purpose of using salt values in password hashing?

To make precomputation impractical due to vast number of possible hash values Signup and view all the answers

Why are shorter password lengths more susceptible to cracking?

Because they have fewer possible combinations Signup and view all the answers

What type of attack is an attacker planning when using a rainbow table?

Rainbow table attack Signup and view all the answers

What is the purpose of a password file access control?

To deny access to encrypted passwords Signup and view all the answers

What is the primary goal of proactive password checking?

To eliminate guessable passwords while allowing users to select a memorable password Signup and view all the answers

What type of authentication uses objects possessed by users for authentication purposes?

Token-based authentication Signup and view all the answers

What is a disadvantage of using SMS-based one-time passwords for authentication?

It requires mobile coverage to receive SMS Signup and view all the answers

What is a type of attack that involves intercepting messages using a fake mobile tower or attacking SS7 signaling protocol?

Eavesdropping attack Signup and view all the answers

What is a characteristic of mobile authentication apps?

Implements a one-time password generator Signup and view all the answers

What is a disadvantage of using biometric authentication?

It is technically complex and expensive Signup and view all the answers

What is a type of attack that involves an adversary attempting to learn a password by some sort of attack that involves physical proximity?

Eavesdropping attack Signup and view all the answers

What is a common defense against password guessing attacks?

Hashing and protecting the password database Signup and view all the answers

What is a type of attack that involves an adversary repeating a previously captured user response?

Replay attack Signup and view all the answers

What is a type of attack that involves an application or physical device masquerading as an authentic application or device?

Trojan horse attack Signup and view all the answers

What is a type of attack that involves an adversary attempting to disable a user authentication service by flooding the service with numerous authentication attempts?

Denial-of-Service attack Signup and view all the answers

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.