Lecture 0

This document introduces concepts related to cybersecurity including securing accounts through authentication and authorization. It discusses common password attacks like dictionary and brute force attacks. It recommends passwords be at least 8 characters in length and provides examples of password strengths based on length and character set. The document also discusses National Institute of Standards and Technology password guidelines, two-factor authentication, and other account security topics like one-time passwords, password managers, and common attacks.

Uploaded by

Bless Kumah
Copyright
© All Rights Reserved

Introduction to Cybersecurity
David J. Malan
[email protected]
Securing Accounts
🔑
Authentication
Authorization
Usernames
Passwords
Dictionary Attacks
Brute-Force Attacks
4 digits
10 × 10 × 10 × 10 = $10^4$ = 10,000
4 letters
26 × 26 × 26 × 26
52 × 52 × 52 × 52 = $52^4$ = 7,311,616
4 characters
94 × 94 × 94 × 94 = $94^4$ = 78,074,896
8 characters
$94^8$ = 6,095,689,385,410,816
National Institute of Standards and Technology (NIST)
"Memorized secrets SHALL be at least 8 characters in length…"
"Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode characters SHOULD be accepted as well."
"… verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised…
● "Passwords obtained from previous breach corpuses.
● "Dictionary words.
● "Repetitive or sequential characters (e.g. 'aaaaaa', '1234abcd').
● "Context-specific words, such as the name of the service, the username, and derivatives thereof."
"Memorized secret verifiers SHALL NOT permit the subscriber to store a "hint" that is accessible to an unauthenticated claimant. Verifiers SHALL NOT prompt subscribers to use specific types of information (e.g., "What was the name of your first pet?") when choosing memorized secrets."
"Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically)."
"Verifiers SHALL implement a rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account…"
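The length and blocklist rules quoted above can be enforced when a user sets a password. The Python sketch below is an added example, not part of the lecture slides; the blocklist is a constructed stand-in for a real breach corpus and dictionary, and the function names, reason labels, run length of 4 and minimum context-word length of 3 are assumptions.

```python
MIN_LENGTH = 8  # "Memorized secrets SHALL be at least 8 characters in length"
# No upper limit is enforced, so secrets of 64+ characters, spaces and
# Unicode are all accepted, and no composition rules are imposed.

# Constructed sample; a real verifier loads breach corpuses and dictionaries.
SAMPLE_BLOCKLIST = {"password", "qwertyuiop", "letmein123", "sunshine"}


def has_run(text, n=4):
    """True if text holds n or more repeated or sequential characters.

    Catches the slide's examples: 'aaaaaa' (repeat) and '1234abcd' (sequence).
    The threshold n=4 is an assumption, not a NIST value.
    """
    rep = up = down = 1
    for a, b in zip(text, text[1:]):
        step = ord(b) - ord(a)
        rep = rep + 1 if step == 0 else 1
        up = up + 1 if step == 1 else 1
        down = down + 1 if step == -1 else 1
        if max(rep, up, down) >= n:
            return True
    return False


def check_memorized_secret(secret, username, service, blocklist=SAMPLE_BLOCKLIST):
    """Return the reasons a prospective secret is rejected ([] = accepted)."""
    reasons = []
    folded = secret.casefold()
    if len(secret) < MIN_LENGTH:
        reasons.append("too_short")
    if folded in blocklist:  # breach corpus / dictionary words
        reasons.append("blocklisted")
    if has_run(folded):  # repetitive or sequential characters
        reasons.append("repetitive_or_sequential")
    # Context-specific words: the service name, the username, derivatives.
    if any(len(w) >= 3 and w.casefold() in folded for w in (username, service)):
        reasons.append("context_specific")
    return reasons


if __name__ == "__main__":
    for candidate in ("aaaaaa", "1234abcd", "Password", "tidal lantern oak vase 9"):
        print(repr(candidate), check_memorized_secret(candidate, "alice", "examplebank"))
```
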
Two-Factor Authentication (2FA)
Multi-Factor Authentication
Knowledge
Possession
Inherence

One-Time Password (OTP)
SIM Swapping
Keylogging
Credential Stuffing
Social Engineering
Phishing
Machine-in-the-Middle Attacks
Single Sign-On (SSO)
Password Managers
Apple iCloud Keychain
Google Password Manager
Microsoft Credential Manager
...
Passkeys