Question

Good Day Class,

Please look at my questions and post accordingly. You most likely want to post a few times throughout this period as you discover new concepts or programming ideas.

Discussion Topic: Describe a fake login management scenario. Identify several authentication practices. Are passwords becoming obsolete?

Answer 1

Fake login management scenario:

In fake login situations, the user data is stolen including login data. The attacker creates a page that looks like the genuine page and when the user fills in the details and login credentials, the data is saved in the attacker's database.

For example, a perpetrator sends an email to the project manager and asks to log in for document viewing. The link for login is sent by the attacker and when the PM logs in, the credentials are stolen by the attacker which gives full access to the network's sensitive areas.

Authentication practices:

1. Password based:

This is the most common used practice. Passwords are used in the form of numbers, letters, strings, etc. Passwords can be cracked and hence they are not considered the safest option available.

2. Multi-factors authentication:

In this method, different methods are used to identify the user and not just a password. It could be a code generation scenario or facial recognition technique. It helps by adding many layers of protection to the device or application.

3. Certificates:

In this method, digital certificates are used. The certificate shows digital identify of the user. It is used with a public key and a certification authority's signature. When the user signs in, a digital certificate is asked by the server. The credibility of the user is then decided by the server by verifying the signature of the certificate.

4. Biometric:

In this method, biological methods are used. It could be facial recognition, eye scanner, fingerprint scanner, voice identification. Different technologies are used here. The data can be compared to a person and saved in a database. This helps in controlling any kind of physical access.

5. Token based:

The user receives a token after entering the credentials. As a token, the user gets a unique encrypted character string. This is used to protect the system or application.  

Passwords becoming obsolete:

Traditional passwords are on the verge of becoming obsolete soon. This is because they are in the form of plain text and it is easy for hackers to hack them. Password credentials have their own advantages but new technology is bringing security measures in the form of biometric or other authentication methods. These methods offer more security than password schemes.