Security+ (SY0-701): Lesson 4: Implement Identity Part 1
This deck covers key concepts and definitions related to authentication factors, password policies, and biometric authentication as outlined in the Security+ (SY0-701) curriculum.
Term | Definition |
---|---|
Define Confidentiality in authentication | If account credentials are leaked, threat actors can impersonate the account. |
Define Integrity in authentication | Authentication mechanism is reliable and not easy for threat actors to bypass or trick with counterfeit credentials. |
Define Availability in authentication | Time taken to authenticate does not impede workflows and is easy enough for users to operate. |
Define an ‘authentication factor’ | Different technologies for implementing authentication. |
List main authentication factors | Knowledge (username/password/PIN), ownership/token, and biometric/inherence. |
Define the term ‘password best practices’ | Policies to govern secure selection and maintenance of authentication factors; Secrets, such as length, complexity, age, and reuse, smart card, biometric ID. |
Define the term ‘account policies’ | Policies governing user security information, such as password expiration and uniqueness. |
Define a ‘Password Length’ policy | Enforces a min/max length for passwords. |
Define a ‘Password Complexity’ policy | Enforces password entropy; Enforces complex passwords that aren’t easy to crack. |
What are examples of password complexity? | No use of a username within the password and a combination of at least eight uppercase/lowercase alphanumeric and non-alphanumeric characters. |
Define a ‘Password Age’ policy | Forces the user to select a new password after a set number of days. |
Define a ‘Password Reuse and History’ policy | Prevents the selection of a password that has been used already. |
Define the purpose of ‘history’ attribute of a ‘Password Reuse and History’ policy | How many previous passwords are blocked from use. |
Define the purpose of ‘minimum age’ attribute of a ‘Password Reuse and History’ policy | Prevents a user from quickly cycling through password changes to revert to a preferred phrase. |
Define a ‘password manager’ | Software that can suggest and store passwords to reduce risks from poor user choices and behavior. |
What is the purpose of a password manager? | To mitigate risk of poor user credential management practices. |
What are the main risks of using a password manager? | Selection of a weak master password, compromise of the vendor’s cloud storage or systems, impersonation attacks. |
Define ‘multifactor authentication (MFA)’ | Authentication scheme that requires the user to present at least two different factors as credentials. |
Define an ‘ownership authentication factor’ | Something unique you have; smart card, key fob, cryptographic token. |
Define a ‘biometric/inherence authentication factor’ | Something you are; Fingerprint, retinal scan, facial scan. |
Define a ‘location-based authentication factor’ | Somewhere you are; system applies a location-based factor to an authentication decision based on location/IP address. |
What does it take to configure biometric authentication? | |
Define the process of biometric authentication | A user is rescanned and the scan is compared to their initial template. |
List the 3 metrics that are used to evaluate biometric authentication performance | |
Define 'False Rejection Rate (FRR)' | Measures the number of valid subjects who are denied access as a percentage. |
Define 'False Acceptance Rate (FAR)' | Measures the number of unauthorized users who are mistakenly allowed access as a percentage. |
What is the outcome of a high False Rejection Rate (FRR)? | Causes inconvenience to authorized users. |
What is the outcome of a high False Acceptance Rate (FAR)? | Can lead to security breaches. |
Define 'Crossover Error Rate (CER)' | Expresses the point at which FAR and FRR meet, with a low value indicating better performance. |
Define throughput in biometric authentication performance | Time required to create a template for each user and the time required to authenticate. |
Define 'Failure to Enroll Rate (FER)' | Incidents in which a template cannot be created and matched for a user during enrollment. |
What are user concerns with biometric authentication? | Users can find it intrusive and threatening to privacy; The technology can be discriminatory or inaccessible to those with disabilities. |
What is the most common form of biometric authentication? | |
List the 3 types of tokens in ownership authentication | |
Define 'Certificate-Based Authentication' | Supplicant provides a private key that can generate a unique signed token verified in the identity provider by the signature via the public key. |
Define 'One-Time Password (OTP)' | A token generated for each authentication decision using some sort of hash function on a shared secret value plus a synchronization seed, such as a timestamp; does not require PKI. |
Define 'Fast Identity Online (FIDO) Universal 2nd Factor (U2F)' | Uses asymmetric key pairs to register each account. |
Define the authentication process of 'Fast Identity Online (FIDO) Universal 2nd Factor (U2F)' | Private key is locked to the U2F device and signs the token; the public key is registered with the authentication server and verifies the token; does not use PKI because there is no digital cert. |
Define 'hard authentication token' | Authentication token generated by a cryptoprocessor on a dedicated hardware device. |
What makes a hard authentication token secure? | As the token is never transmitted directly, this implements an ownership factor within a multifactor authentication scheme. |