
Authentication Basics

Key to the kingdom – Access a Computing System

Advances in User Authentication

Part of the book series: Infosys Science Foundation Series (ISFSASE)

Abstract

This chapter covers the basic protection mechanism against unauthorized access to a computing system, known as Authentication.



Author information

Correspondence to Dipankar Dasgupta.

Appendices

Descriptive Questions

Question 1:

What are the basic steps in the authentication process?

Question 2:

What are the different types of authentication? Give at least two examples of each type.

Question 3:

How are the passwords stored? Why is salt added to the hashed passwords? Describe with a diagram.

Question 4:

What are the five major criteria to select secure passwords?

Question 5:

What is the role of a password manager? List three recently used password manager tools.

Question 6:

What is SSO? Describe the benefits of choosing SSO over the regular authentication process.

Question 7:

What are the most common ways of resetting forgotten passwords?

Question 8:

What are the common issues with PIN-based systems? Describe two such issues.

Question 9:

List two Type II authentication systems. Briefly describe their characteristics.

Question 10:

What are the basic differences between physiological and behavioral biometrics? What are the possible benefits of choosing biometrics over typical passwords?

Multiple-Choice Questions

Question 1:

In terms of time, which group of passwords should be easiest to guess due to commonality?

  A. password baseball qwerty dragon 12345789 football
  B. shorty ragequit numbers no1knows god123 offby1 iam2safe 69erfan drinker
  C. cellar1door rage1quit drinks1on2me candy1apples computers1are2safe

Question 2:

In terms of time, which group of passwords should be easiest to guess due to shortness and/or low character variation?

  A. password baseball qwerty dragon 12345789 football
  B. shorty ragequit numbers no1knows god123 offby1 iam2safe 69erfan drinker
  C. cellar1door rage1quit drinks1on2me candy1apples computers1are2safe

Question 3:

You are trying to create a bank account and they ask you to enter a PIN number for the account. What would be a good PIN for you to use?

  A. 1111
  B. 1234
  C. 4571
  D. 9876

Question 4:

Mary is creating an account with a bank. They ask her to implement her own security questions as another type of security measure. What would be a good security question for her to come up with?

  A. What is the name of your first pet?
  B. What is the name of your favorite movie?
  C. What is the name of your best friend?
  D. What was the name of the first person that you hugged?

Question 5:

Mary is creating an account with a bank. This time, when Mary gets to the security question part, she can no longer create her own question but is forced to use one that is provided to her. The question that she has to answer is: "What is the name of your first pet?" How should she answer this question?

  A. With the name of her first pet plus the name of her second pet.
  B. With the name of her first pet.
  C. With a random name that has nothing to do with her pets.
  D. With her mother’s maiden name.

Question 6:

Which token authentications require personnel to verify? (Select all that apply)

  A. Passports
  B. Drivers’ Licenses
  C. Swipe Cards
  D. Smart Cards
  E. Dongles

Question 7:

Which token authentications are usually automated? (Select all that apply)

  A. Passports
  B. Drivers’ Licenses
  C. Swipe Cards
  D. Smart Cards
  E. Dongles

Question 8:

Which security dongles require the host to produce a one-time password and send it to the user’s dongle for authentication?

  A. Randomized Signal Receiver
  B. Random Code Generator
  C. Token Storage

Question 9:

Which security dongle creates a one-time password after the host sends an authentication request to the user’s dongle?

  A. Randomized Signal Receiver
  B. Random Code Generator
  C. Token Storage

Question 10:

Which type of token-security stores an encrypted password required for authentication that is unlocked by the host?

  A. Randomized Signal Receiver
  B. Random Code Generator
  C. Token Storage

Question 11:

What are some weaknesses associated with token authentication? (Select all that apply)

  A. Tokens can be broken, lost, or stolen.
  B. Standardized tokens may be easy to forge.
  C. Tokens are difficult to manage and use.
  D. Tokens take a long time for authentication.

Question 12:

Who or what are CAPTCHAs designed to work against?

  A. Administrators
  B. Users
  C. Hackers
  D. Bots

Question 13:

What is the meaning of acceptable percentage level in biometrics?

  A. How close an input pattern matches that of a pattern stored in the database?
  B. How many patterns are found in the database?
  C. How a match is found?

Question 14:

What is it called when a user is wrongly authenticated?

  A. False negative
  B. False positive
  C. True positive
  D. True negative

Question 15:

What is considered a Behavioral authentication method?

  A. Veins authentication
  B. Fingerprint authentication
  C. Voice authentication
  D. Facial authentication

Question 16:

What are some of the problems with biometric authentication? (Select all that apply)

  A. Your biometric data can be stolen.
  B. You can be injured.
  C. You can easily misplace your biometric data.
  D. Your data is easily reproduced.

Question 17:

What is the name of the device that generates the location signature?

  A. Location Signature Sensor
  B. Location Station
  C. Location Base Unit
  D. Global Positioning Service

Question 18:

Where is the passwd file stored in a UNIX system?

  A. /root directory
  B. /user/var directory
  C. /etc directory
  D. /home directory

Question 19:

What is the correct expansion of LDAP?

  A. Lightweight Directory Admin Protocol
  B. Lightweight Directory Authentication Protocol
  C. Lightweight Directory Access Protocol
  D. Lightweight Directory Approve Protocol

Question 20:

Which of the following is not a criterion of security questions?

  A. Safe
  B. Inconsistent
  C. Stable
  D. Memorable


Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Dasgupta, D., Roy, A., Nag, A. (2017). Authentication Basics. In: Advances in User Authentication. Infosys Science Foundation Series. Springer, Cham. https://doi.org/10.1007/978-3-319-58808-7_1


  • DOI: https://doi.org/10.1007/978-3-319-58808-7_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58806-3

  • Online ISBN: 978-3-319-58808-7

  • eBook Packages: Computer Science (R0)
