Digital Authentication Best Practice
Ciaran Rooney
20 years: technology, cybersecurity & operations
Now we've laid the groundwork for digital authentication, it's time to advance. Join Ciarán Rooney in this video as he delves into the common password pitfalls, what constitutes a strong password and the future of digital authentication.
12 mins 44 secs
Key learning objectives:
Understand how your password can be compromised
Learn how to create a strong password
Identify how authentication is improving
Overview:
There are many ways a password can be compromised, including: brute force attack, dictionary attack and phishing. You can avoid many pitfalls by using longer passwords, using the maximum character range, not using common words/patterns and never reusing your password.
How can passwords be compromised?
- Brute force attack. This form of attack involves using software to try as many password combinations as possible.
- Dictionary attack. This involves using software that goes through the dictionary, trying every word until the cybercriminal gains access. Dictionary attacks attempt to bypass the difficulty generated by entropy by skipping lots of guesses that brute force would try.
- Social engineering and phishing. This is when cybercriminals masquerade as a trusted entity to trick you into willingly providing them with your password and other data.
What pitfalls can you avoid to stop your password being compromised?
- Use longer passwords. 8 characters is now the minimum on most services but try to aim for 12 or more characters.
- Use the maximum range of characters available, including upper and lower case letters and numbers, symbols, and punctuation.
- Don’t use only dictionary words or common keyboard patterns. Password1, QWERTY and 123456 are some of the first guesses in a dictionary attack.
- Never reuse your password. The most common way passwords are compromised is from other data breaches. This means that if you have twenty different accounts, you need twenty different passwords.
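The pitfalls above as a checker, in an added example that is not part of the original page; the common-password set and substitution table are small constructed samples, and all function names are assumptions. It also computes the brute-force entropy bound, which stays high for Password1 even though a dictionary attack finds it almost at once.

```python
import math
import string

# Constructed sample (assumption): a real check would load a large list of
# breached and commonly guessed passwords instead of these five entries.
COMMON = {"password", "qwerty", "123456", "letmein", "welcome"}
# Constructed table of look-alike substitutions, e.g. P@ssw0rd -> password.
LEET = str.maketrans("013457@$!", "oleastasi")

MIN_LENGTH = 8       # the minimum on most services, per the text
TARGET_LENGTH = 12   # the length the text says to aim for
FULL_RANGE = 94      # lower + upper + digits + ASCII punctuation


def pool_size(pw):
    """Number of candidate characters a brute-force attack must cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(c) for c in classes if any(ch in c for ch in pw))


def brute_force_bits(pw):
    """Entropy upper bound, length * log2(pool); true only for random picks."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def dictionary_hit(pw):
    """True for a common word or pattern, even with digits/symbols added."""
    lowered = pw.lower()
    # Drop decoration at both ends, then undo look-alike substitutions.
    core = lowered.strip(string.digits + string.punctuation).translate(LEET)
    return lowered in COMMON or core in COMMON


def review(pw):
    """List which of the pitfalls above a candidate password falls into."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    elif len(pw) < TARGET_LENGTH:
        problems.append("under 12 characters")
    if pool_size(pw) < FULL_RANGE:
        problems.append("limited character range")
    if dictionary_hit(pw):
        problems.append("common word or pattern")
    return problems
```

Password reuse is not covered here, because detecting it needs knowledge of the user's other accounts.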
What techniques can you use to create a better password?
You can use the Bruce Schneier Method, which involves taking the first letter from every word in a memorable sentence. The sentence ‘My mother always packed my lunches’ could be used as Mmapml - and you could even substitute symbols or numbers for some letters for even higher entropy.
Alternatively, you can use the passphrase method. It involves connecting multiple words into a long password. For example, 2Elephants3Cafes&4Plates?
Lastly, you can use a password manager. A password manager can generate long and complex passwords for you, with very high entropy. It can then keep track of a unique password for all the different services you use.
What are the improved authentication techniques?
- Limiting login attempts. A service administrator can limit the number of incorrect password attempts that someone can make before being locked out of the system.
- Multi-factor authentication (MFA). Also known as two-factor authentication, this method requires a user to provide two or more authentication factors before they are granted access to a system.
- Single sign-on and third-party authentication. This uses the security of another identity platform to act as a form of authentication for a user. You might see this used with a corporate network or an external platform such as Google, Facebook, or Twitter.