1 of 15

Lecture 3. Authentication method based on passwords

2 of 15

Permissions control

  • We can use the term permissions control as an "umbrella" for any security problem associated with managing system resources.
  • The permissions control area consists of the following sub-areas:
    • Identification
    • Authentication
    • Authorization.

3 of 15

Identification

  • Identification is the process of a person stating who they are.
  • For example, introducing yourself on the phone can be considered a form of identification.
  • In this case, you might introduce yourself by saying, for example, "I am Bohodir."
  • Here, "Bohodir" serves as your ID.
  • Thus, identification is the process of presenting the subject's identity information to a system or requesting entity.

4 of 15

Authentication

  • Authentication is the process of determining whether a user (or party) has permission to use the system.
  • For example, let's take the process of using a personal computer.
  • When the password that matches the real login is entered, the user is able to use the computer.
  • Hence, authentication can be said to be the process of verifying the authenticity of the user or subject.

5 of 15

Authorization

  • Authorization is the process of granting a user who has passed the identification and authentication processes permission to perform actions.

  • So, authentication is a binary decision, i.e., permission is either granted or not.
  • Authorization is all about the set of rules used to restrict access to various system resources.

6 of 15

In short ...

  • Identification - Who are you?
  • Authentication - Are you really you?
  • Authorization - Are you allowed to do this?

7 of 15

Authentication

  • In authentication or identification processes, subjects can be a person or a device (computer):
    • a human can authenticate a human;
    • a machine can authenticate a human;
    • or a machine can authenticate a machine.
  • A machine can authenticate a human on the basis of a number of "things":
    • something you know;
      • For example, a password.
    • something you have;
      • For example, a car or house key, a smart card or token.
    • something you are.
      • For example, biometric parameters, fingerprint, face image.

8 of 15

Password

  • A password is a piece of information known only to the user that allows the user to pass the authentication process in a system.

[Diagram: the User sends a user ID and password to the Server; the Server replies OK/Error]

9 of 15

Password

Password-based authentication has the following features:

  • password-based authentication is convenient to implement (low cost, easy to replace);
  • a user's password is usually information related to them (for example, their favorite football team, phone number, etc.) or a string such as 123456, 12345, qwerty, and can therefore easily be guessed by "attackers";
  • complex passwords are difficult to remember (for example, jfIej(43jEmmL+y);
  • password-based authentication is a widely used method.

10 of 15

Attacks targeting authentication methods

  • Something you know:
    • Dictionary attack on passwords:
      • lists of the most common passwords exist and can easily be downloaded from the Internet.
    • Trying all possible password options:
      • It takes a lot of time.
    • "Looking over the shoulder" attack:
      • Observing the password as the user enters it.
    • Malware-based attack:
      • A program known as a keylogger.
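
The dictionary and exhaustive-search attacks listed above translate into two checks a system can run when a user sets a password. This is an added example, not part of the original lecture; the common-password set is a constructed sample, and the 60-bit threshold and the guess rate are assumptions.

```python
import math
import string

# Constructed sample: the three weak passwords named in the lecture plus a few
# other well-known ones. A real deployment would load a full breached-password list.
COMMON_PASSWORDS = {"123456", "12345", "qwerty", "password", "111111", "letmein"}

CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)

def alphabet_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers the password."""
    size = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    # Characters outside the four ASCII classes count as one extra symbol.
    if any(all(c not in cs for cs in CHARSETS) for c in password):
        size += 1
    return size

def exhaustive_search_bits(password: str) -> float:
    """log2 of the number of candidates an exhaustive search must cover.
    This is an upper bound: human-chosen passwords are far from uniform."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def assess(password: str, min_bits: float = 60.0) -> str:
    # The dictionary check comes first: a listed password falls within the
    # first few guesses however large its theoretical search space is.
    if password.lower() in COMMON_PASSWORDS:
        return "reject: common password"
    if exhaustive_search_bits(password) < min_bits:
        return "reject: search space too small"
    return "accept"

if __name__ == "__main__":
    for pw in ("qwerty", "abcdefgh", "jfIej(43jEmmL+y"):
        print(pw, "->", assess(pw), round(exhaustive_search_bits(pw), 1), "bits")
```
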

11 of 15

Password protection principles

  • Use long passwords.
  • Do not use personal data as a password.
  • Avoid short phrases and words.
  • Do not share passwords with others.
  • Do not share passwords in response to suspicious requests.
  • Be careful when using passwords on public Wi-Fi networks.
  • Do not send passwords over open channels.
  • Change your password immediately after registration.
  • Choose different passwords for different resources.
  • Change your password regularly.

12 of 15

Password protection principles

  • Do not reuse old passwords.
  • If your password is compromised, change it immediately.
  • Use two-factor authentication.
  • Avoid password recovery schemes.
  • Do not allow the browser to save passwords.
  • Keep passwords in a safe place.
  • Don't forget to back up.

13 of 15

Creating strong passwords and remembering them

  • Method 1. Mnemonics
  • Let's look at the mnemonic method with the help of an example.
  • In this example, the result looks like this:

3mmm,1b3mtY,IB“VK!”

  • This strong password is a mix of letters, numbers, and punctuation. It may seem impossible to remember, but it does not have to be memorized as is. It is built from a phrase from Shakespeare's Macbeth:
  • Three times the colorful cat meowed,
    Three times the hedgehog cried,
    The devil shouted: "The time has come, the time has come!"

14 of 15

Creating strong passwords and remembering them

  • Method 2. Book method
  • This method was originally called the diceware method, but we prefer to call it the book method. The emphasis here is on randomly selecting words from a large dictionary. How do you get random words that are not related to your personality? Take a book and open it at a random page. Which word comes first? Let's say this:
  • box
  • We repeat. Another page, first word:
  • quickly
  • And so on, six times in total. We get a set of six random words, let's say:
  • box, quickly, hides, spruce, kangaroo, Jane
  • These words (in any order) make up your password. It may seem like a completely random sequence of words is impossible to remember, but you'd be surprised at the nature of the human brain. You can simplify the task a little: the phrase "kangaroo Jane quickly hides the box under the spruce" is easier to remember. To increase the strength of the password, you can add some characters from another set, for example:

kangaroo yes Janequicklyhidesbox#
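
The book method above can be reproduced with a cryptographic random source instead of a book, which also lets its strength be calculated. This is an added example, not part of the original lecture; the 16-word list is a constructed sample that includes the slide's six words, and the function names are hypothetical.

```python
import math
import secrets

# Constructed 16-word sample list that includes the slide's six words.
# The published Diceware list has 7776 words (one per roll of five dice).
SAMPLE_WORDS = [
    "box", "quickly", "hides", "spruce", "kangaroo", "jane", "river", "copper",
    "window", "silent", "market", "violet", "ladder", "frozen", "pepper", "orbit",
]
DICEWARE_SIZE = 6 ** 5  # 7776

def passphrase_bits(n_words: int, list_size: int) -> float:
    """Entropy of n words drawn independently and uniformly, order kept."""
    return n_words * math.log2(list_size)

def reorder_penalty_bits(n_words: int) -> float:
    """Upper bound on the entropy lost when the owner rearranges the drawn
    words into a preferred order (e.g. a memorable sentence): log2(n!)."""
    return math.log2(math.factorial(n_words))

def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def make_passphrase(words, n_words: int = 6, sep: str = " ") -> str:
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice draws from the OS CSPRNG, so every word is equally
    # likely; the first word on a book page is not uniformly distributed.
    return sep.join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    full = passphrase_bits(6, DICEWARE_SIZE)
    print("six words, 7776-word list: %.1f bits" % full)
    print("after free reordering, at least: %.1f bits"
          % (full - reorder_penalty_bits(6)))
    print("words needed for 77 bits from the 16-word sample:",
          words_needed(77, len(SAMPLE_WORDS)))
```

The arithmetic shows why the list must be large: six words from the 16-word sample give only 24 bits, while six from a 7776-word list give about 77.5 bits.
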

15 of 15

Thank you for your attention!