Passwords Flashcards

(9 cards)

1
Q

Why are passwords important and what do they entail?

A

First line of defense

Secure to prevent a breach

Safeguarding personal data and organizations

Length: minimum 12 to 16 letters

Complexity: numbers & symbols

Unpredictability: higher entropy, more random (more secure); changing routinely

2
Q

What are some hacking concerns?

A

Common words or phrases

Rainbow tables- hash value into mathematical value

Use complex passwords for different accounts (domino effect, i.e. multiple account breach)

Creates single point of failure

Credential stuffing (people often reuse passwords); can circulate on dark web

3
Q

What are some password tips?

A

Use password manager

System generation for strong passwords

Phrases

2FA

4
Q

What’s a Brute Force Attack?

A

A brute force attack involves guessing the password to an account by systematically trying every possible combination of letters, numbers, and symbols until the correct one is found. These attacks are facilitated by powerful computers and sophisticated tools capable of making millions of guesses per second, making weak passwords particularly vulnerable.

5
Q

What are Advanced Persistent Threats (APTs)?

A

APTs represent a sophisticated category of network attack where an unauthorized user gains access to a network and remains undetected for a considerable period of time. Unlike other cyberthreats that seek immediate financial gain, APTs aim to steal data over time, making them particularly dangerous for organizations holding sensitive information. These attacks are carefully planned and executed, often targeting specific entities for espionage or financial theft.

6
Q

What are machine learning (ML) and AI powered attacks?

A

Cybercriminals are now leveraging machine learning (ML) and artificial intelligence (AI) to enhance the efficacy of their attacks. AI algorithms can analyze vast datasets to identify vulnerabilities and automate phishing attacks. Phishing is a cyberattack that uses deceptive emails or websites to trick individuals into revealing their personal information, like passwords or credit card numbers.

These algorithms can even mimic trusted entities in targeted spear-phishing attacks. The adaptability and speed of AI-powered attacks pose a significant challenge to traditional security measures, requiring advanced countermeasures that can anticipate and mitigate these sophisticated threats.

To combat these sophisticated threats, it’s crucial to remain vigilant and cautious. Individuals should always verify the authenticity of emails and websites, especially those requesting personal information, and be wary of unsolicited messages that seem too good to be true or create a sense of urgency.

7
Q

What is credential stuffing?

A

Credential stuffing is an attack that uses previously breached username and password pairs to gain unauthorized access to user accounts across different platforms. With the proliferation of data breaches, vast amounts of login credentials are available to cybercriminals, who use automated tools to test these credentials across multiple websites. This method exploits the common practice of password reuse, underlining the importance of unique passwords for each account.

8
Q

What is entropy?

A

Entropy is the randomness and unpredictability of letters in a password. The more unpredictable the data, the higher its entropy, and the more secure a password is from brute-force attacks. Let’s examine how to calculate password entropy.

The entropy of a password can be calculated using this formula:

H = L × log₂(N)

Let’s break this formula down into its parts:

H is the entropy (this is measured in bits),

L refers to the length of the password, and

N is the number of possible symbols for each position in the password.

9
Q

What is Multifactor Authentication (MFA)?

A

The first password is the one an individual usually enters, something only they know.

The second password is the code sent to their phone, something they have in their possession.

MFA adds an extra layer of security by requiring two or more distinct verification factors to confirm an individual’s identity. MFA uses different authentication factors to verify an individual’s identity.

First is knowledge, something an individual knows, such as their password or a PIN. Second is possession, something an individual has, like their phone or a security token. And third is inherence, something an individual is, such as their fingerprint or facial recognition.
