Name the three ways to authenticate yourself
Something you know, something you have, something you are
The #1 method hackers use to steal passwords?
Steal it directly (shoulder surfing, keylogger, written-down password)
True/False: It takes several hours to crack a password that is 8 characters and is all numbers
False - It can be cracked instantly
When a database is exposed or stolen, putting user data at risk
What is a data breach?
AAA stands for this in cybersecurity
Authentication, Authorization (Access Control), Accounting (Auditing)
What type of authentication is a password?
Something you know
Software that rapidly tests all possible character combinations to guess a password
What is a brute force attack?
True/False: Women tend to use hobbies for their passwords
False
When your account or data has been compromised in a breach
What does "pwned" mean in cybersecurity?
Authentication proves WHO you are; ____________ determines WHAT you can access
authorization
Smart card, ID card, phone with code, security token are examples of
What is "something you have" authentication?
Tries one weak password on many accounts; brute force tries many passwords on one account
What is password spraying?
True or False: It's okay to use the same password for multiple accounts if it's a strong password
FALSE - Always use unique passwords for each account
What should you do if you find out your email was in a data breach?
Change your password immediately, especially on any other accounts using the same password
System logs, login history, security camera footage, transaction records, and audit trails are real-world examples of
accounting/auditing
Something you are - uses physical characteristics like fingerprint, face scan, retina scan
What is biometric authentication?
Using stolen username/password pairs from one breach to access accounts on other sites. Works because 52% of people reuse passwords
What is credential stuffing?
Name three things a strong password should include
Uppercase letters, lowercase letters, numbers, symbols, 8+ characters
This is a main target for hackers. It contains thousands or millions of user credentials at once, which can then be used for credential stuffing attacks instead of attacking individual accounts.
Databases
It tracks what happened, helps detect breaches or suspicious activity, provides evidence for investigations, and holds users accountable
Accounting/auditing
Combines two or more authentication methods, so even if one is compromised, the account is still protected
What is multi-factor authentication?
Uses a database of common words, phrases, names, and character substitutions that people likely use, making it faster than trying every possible combination
What is a dictionary attack?
The minimum recommended password length? Should be more than ____ - _______ characters long
At least 8-12 characters (12+ is better!)
According to research, what percentage of people reuse their passwords across multiple accounts?
52% have a "favorite" password they use on multiple accounts
This is the most secure authentication method combining two or more methods to access an account
Multifactor Authentication