CISSP Exam Cram, 5th Edition by Michael Gregg

Author:Michael Gregg [Michael Gregg]
Language: eng
Format: epub
Publisher: Pearson IT Certification
Published: 2021-07-18T16:00:00+00:00

Something You Know (Type 1): Passwords and PINs

We begin our discussion of authentication systems by discussing passwords. Of the three types of authentication, passwords are the most widely used. The problem with this method is that passwords are typically weak. Consider the following:

People use passwords that are easy to remember.

Difficult passwords might be written down and left where others can find them.

Most of us are guilty of reusing passwords.

Reputability is a real issue with passwords because it is hard to prove who made a specific transaction or gained access.

Passwords can be cracked, sniffed, observed, replayed, or broken. Common password cracking can use dictionary, hybrid, or exhaustive search (brute force) attacks.

Dictionary attacks use common dictionary words, and hybrid password cracking uses a combination of words as random characters, such as 1password or p@ssw0rd. Brute force attempts all possible variations, which is typically time consuming. Rainbow table attacks use precomputed hash tables to reduce password cracking time and recover the plaintext password.

Many people are predictable and, as such, might use passwords that are easily guessed. Many times passwords are based on birthdays, anniversaries, a child’s name, or even a favorite pet. With the massive growth of the Internet and “Big Data” it is easy to use social engineering to find this information.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.