Chapter 12 Authentication and Account Management

Authentication
proving that a user is genuine and not an imposter.
Authentication factors
five elements that can prove the genuineness of a user: what you know, what you have, what you are, what you do, and where you are.
Bcrypt
a popular key stretching password hash algorithm.
Behavioral biometrics
authenticating a user by the unique actions that the user performs.
Birthday attack
an attack that searches for any two digests that are the same.
Brute force attack
a password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched against those in a stolen password file.
Cognitive biometrics
authenticating a user through the user's perception, thought processes, and understanding.
Common access card (CAC)
a U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.
Dictionary attack
a password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.
Federated identity management (FIM) (or federation)
single sign-on for networks owned by different organizations.
Geolocation
the identification of the location of a person or object using technology.
HMAC-based one-time password (HOTP)
a one-time password that changes when a specific event occurs.
Hybrid attack
a password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.
Key stretching
a password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.
LM (LAN Manager) hash
a cryptographic function found in older Microsoft Windows operating systems used to fingerprint data.
Multifactor authentication
using more than one type of authentication credential.
NTLM (New Technology LAN Manager) hash
a hash used by modern Microsoft Windows operating systems for creating password digests.
NTLMv2
the current version of the New Technology LAN Manager hash.
One-time password (OTP)
an authentication code that can be used only once or for a limited period of time.
Password
a secret combination of letters, numbers, and/or characters that only the user should have knowledge of.
PBKDF2
a popular key stretching password hash algorithm.
Personal identity verification (PIV)
a U.S. government standard for smart cards that covers all government employees.
Pre-image attack
an attack in which one known digest is compared to an unknown digest.
Rainbow tables
large pregenerated data sets of encrypted passwords used in password attacks.
Salt
a random string that is used in hash algorithms.
Single-factor authentication
using one type of authentication credential.
Single sign-on (SSO)
using one authentication credential to access multiple accounts or applications.
Smart card
a card that contains an integrated circuit chip that can hold information used as part of the authentication process.
Standard biometrics
using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication.
Time-based one-time password (TOTP)
a one-time password that changes after a set period of time.
Token
a small device that can be affixed to a keychain with a window display that shows a code to be used for authentication.
Transitive trust
a two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest.
Username
an identifier of a user logging into a system.