vimwiki/tech/digital_authentication.wiki

38 lines
929 B
Plaintext

= digital authentication =
Establish confidence in user ID in an electronic system
== requirements ==
* ID system users, process, etc
* Authenticate the ID of those users, processes etc
Derived requirements from this,
* use multi factor authentication
* be replay resistant
* prevent reuse of IDs for a defined period
* disable ID after some period of inactivity
* enforce a minimum complexity for passwords
* prohibit passwords for a specific amount of time
* store and transmit only cryptographically protected passwords
* Obscure feedback from authentication
* IE don't say "wrong password" or "user does not exist"
== means of authentication ==
* password/pin
* ID that goes with password must be unique
* Vulns
* dictionary
* popular password
* password guessing against 1 user
* Social engineering password out of user
* physical token (IE smart card)
* static biometrics (IE finger/face)