Abstract
This chapter covers the basic protection mechanism against unauthorized access to a computing system, known as Authentication.
Appendices
Descriptive Questions
Question 1:
What are the basic steps in the authentication process?
Question 2:
What are the different types of authentication? Give at least two examples of each type.
Question 3:
How are the passwords stored? Why is salt added to the hashed passwords? Describe with a diagram.
Question 4:
What are the five major criteria to select secure passwords?
Question 5:
What is the role of a password manager? List three recently used password manager tools.
Question 6:
What is SSO? Describe the benefits of choosing SSO over the regular authentication process.
Question 7:
What are the most common ways of resetting forgotten passwords?
Question 8:
What are the common issues with PIN-based systems? Describe two such issues.
Question 9:
List two Type II authentication systems. Briefly describe their characteristics.
Question 10:
What are the basic differences between physiological and behavioral biometrics? What are the possible benefits of choosing biometrics over typical passwords?
Multiple-Choice Questions
Question 1:
In terms of time, which group of passwords should be easiest to guess due to commonality?
A. password baseball qwerty dragon 12345789 football
B. shorty ragequit numbers no1knows god123 offby1 iam2safe 69erfan drinker
C. cellar1door rage1quit drinks1on2me candy1apples computers1are2safe
Question 2:
In terms of time, which group of passwords should be easiest to guess due to shortness and/or low character variation?
A. password baseball qwerty dragon 12345789 football
B. shorty ragequit numbers no1knows god123 offby1 iam2safe 69erfan drinker
C. cellar1door rage1quit drinks1on2me candy1apples computers1are2safe
Question 3:
You are trying to create a bank account and they ask you to enter a PIN number for the account. What would be a good PIN for you to use?
A. 1111
B. 1234
C. 4571
D. 9876
Question 4:
Mary is creating an account with a bank. They ask her to implement her own security questions as another type of security measure. What would be a good security question for her to come up with?
A. What is the name of your first pet?
B. What is the name of your favorite movie?
C. What is the name of your best friend?
D. What was the name of the first person that you hugged?
Question 5:
Mary is creating an account with a bank. This time when Mary gets to the security question part she can no longer create her own question but is forced to use one that is provided to her. The question that she has to answer is: «What is the name of your first pet?» Which of the following should she choose about how she should answer this question?
A. With the name of her first pet plus the name of her second pet.
B. With the name of her first pet.
C. With a random name that has nothing to do with her pets.
D. With her mother’s maiden name.
Question 6:
Which token authentications require personnel to verify? (Select all that apply)
A. Passports
B. Drivers’ Licenses
C. Swipe Cards
D. Smart Cards
E. Dongles
Question 7:
Which token authentications are usually automated? (Select all that apply)
A. Passports
B. Drivers’ Licenses
C. Swipe Cards
D. Smart Cards
E. Dongles
Question 8:
Which security dongles require the host to produce a one-time password and send it to the user’s dongle for authentication?
A. Randomized Signal Receiver
B. Random Code Generator
C. Token Storage
Question 9:
Which security dongle creates a one-time password after the host sends an authentication request to the user’s dongle?
A. Randomized Signal Receiver
B. Random Code Generator
C. Token Storage
Question 10:
Which type of token-security stores an encrypted password required for authentication that is unlocked by the host?
A. Randomized Signal Receiver
B. Random Code Generator
C. Token Storage
Question 11:
What are some weaknesses associated with token authentication? (Select all that apply)
A. Tokens can be broken, lost, or stolen.
B. Standardized tokens may be easy to forge.
C. Tokens are difficult to manage and use.
D. Tokens take a long time for authentication.
Question 12:
Who or what are CAPTCHA designed to work against?
A. Administrators
B. Users
C. Hackers
D. Bots
Question 13:
What is the meaning of acceptable percentage level in biometrics?
A. How close an input pattern matches that of a pattern stored in the database?
B. How many patterns are found in the database?
C. How a match is found?
Question 14:
What is it called when a user is wrongly authenticated?
A. False negative
B. False positive
C. True positive
D. True negative
Question 15:
What is considered a Behavioral authentication method?
A. Veins authentication
B. Fingerprint authentication
C. Voice authentication
D. Facial authentication
Question 16:
What are some of the problems with biometric authentication? (Select all that apply)
A. Your biometric data can be stolen.
B. You can be injured.
C. You can easily misplace your biometric data.
D. Your data is easily reproduced.
Question 17:
What is the name of the device that generates the location signature?
A. Location Signature Sensor
B. Location Station
C. Location Base Unit
D. Global Positioning Service
Question 18:
Where is the passwd file stored in a UNIX system?
A. /root directory
B. /user/var directory
C. /etc directory
D. /home directory
Question 19:
What is the correct expansion of LDAP?
A. Lightweight Directory Admin Protocol
B. Lightweight Directory Authentication Protocol
C. Lightweight Directory Access Protocol
D. Lightweight Directory Approve Protocol
Question 20:
Which of the following is not a criterion of security questions?
A. Safe
B. Inconsistent
C. Stable
D. Memorable
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Dasgupta, D., Roy, A., Nag, A. (2017). Authentication Basics. In: Advances in User Authentication. Infosys Science Foundation Series. Springer, Cham. https://doi.org/10.1007/978-3-319-58808-7_1
DOI: https://doi.org/10.1007/978-3-319-58808-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58806-3
Online ISBN: 978-3-319-58808-7
eBook Packages: Computer Science (R0)