operating-systems security

Definition

User Authentication

User authentication is the process of verifying the identity of a user or process attempting to access a system.

Authentication Factors

Possession

Something the user has (physical key, chip card, token).

Attribute (Biometrics)

Something the user is (fingerprint, iris scan, facial recognition).

Knowledge

Something the user knows (password, PIN).

Passwords

Vulnerabilities

Default passwords, dictionary attacks, brute-forcing, social engineering.

Search Space

7-character passwords (95 printable chars) ≈ possibilities.

Salt

Random data added before hashing to prevent pre-computed attacks (rainbow tables). A 12-bit salt increases the search space by a factor of . See Salt.

Countermeasures

One-time Passwords

Codes valid for a single session only.

Challenge-Response

The system issues a challenge, which is answered using a secret key.

Login Delays

Intentional slowdown after failed attempts to prevent rapid brute-forcing.

Logging

Recording and displaying date/time of last successful login.