What are the three types of user authentication?
Something you know
Something you have
Something you are
What is the information entropy of a password?
The base 2 log of the number of guesses needed to find the password with certainty. Measured in bits.
What is the information entropy of a randomly generated password?
The length of the password in bits.
Why do passwords created by humans have less information entropy than randomly generated passwords?
Human-generated passwords often have patterns such as using real words.
Why can forcing users to use randomly generated passwords cause more problems?
Leads to users recording their password somewhere
The password recovery method becomes the weak point (i.e. the user’s email)
What is a dictionary attack?
A variant of a brute-force attack, where the attacker uses a list of common or expected words to generate possible passwords.
What is the problem for an attacker if they steal and then use a one-time pad?
The owner of the account will know it has been compromised when their attempt to log in fails.
What is the problem for an attacker if they steal and then store a one-time pad for use later?
It will either expire or the user will use it, preventing the attacker from being able to use it later.