36 lines
927 B
Plaintext
= digital authentication =
Establish confidence in a user's identity in an electronic system.
== requirements ==
* Identify system users, processes, etc.
* Authenticate the identity of those users, processes, etc.
Requirements derived from these:
* use multi-factor authentication
* be replay resistant
* prevent reuse of IDs for a defined period
* disable an ID after a defined period of inactivity
* enforce a minimum complexity for passwords
* prohibit a given password for a specified amount of time
* store and transmit only cryptographically protected passwords
* obscure feedback from authentication
** i.e. don't say "wrong password" or "user does not exist"
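As an added example (not part of the original notes), here is a minimal Python login check that applies several of the derived requirements above: IDs must be unique, passwords are stored only as salted, iterated hashes, a minimum length is enforced, and the failure message is identical whether the user is unknown or the password is wrong (an unknown user is also charged the same hashing work, so timing does not reveal existence). The iteration count, the 12-character minimum and the in-memory store are assumptions.

```python
import hashlib
import hmac
import os

# Assumed policy values; tune for the deployment.
ITERATIONS = 200_000
MIN_PASSWORD_LENGTH = 12

# Generic message for every failure, so the response does not reveal whether
# the ID exists or whether the password was wrong.
GENERIC_FAILURE = "Authentication failed"

# Constructed in-memory store: username -> (salt, hash). Only the salted hash
# is ever kept; a real system would persist this in a database.
_users = {}


def _derive(password, salt):
    """Salted, iterated hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username, password):
    """Create an account; reject duplicate IDs and too-short passwords."""
    if username in _users or len(password) < MIN_PASSWORD_LENGTH:
        return False
    salt = os.urandom(16)
    _users[username] = (salt, _derive(password, salt))
    return True


# Dummy salt/hash used when the ID does not exist, so an unknown user costs
# the same work as a known one and the timing does not leak existence.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _derive("dummy-password-not-valid", _DUMMY_SALT)


def authenticate(username, password):
    """Return (success, message); the message is the same for every failure."""
    salt, stored = _users.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _derive(password, salt)
    # Constant-time comparison runs regardless of whether the user exists;
    # the membership check rules out a match against the dummy hash.
    ok = hmac.compare_digest(candidate, stored) and username in _users
    return (True, "OK") if ok else (False, GENERIC_FAILURE)
```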
== means of authentication ==
* password/PIN
** the ID paired with the password must be unique
** vulnerabilities:
*** dictionary attack
*** popular-password guessing
*** password guessing against a single user
*** social engineering the password out of the user
* physical token (e.g. smart card)
* static biometrics (e.g. fingerprint/face)