QUESTION 3: SYSTEM CONFIGURATION [5+5 = 10 Marks]
a) Be aware of the options available for setting password requirements under Windows, as well as the options available under Linux. Discuss good and bad practices for setting passwords and why administrators may enforce logon hours and logon locations for Windows users. [5 Marks]
b) Explain what Multi Factor Authentication (MFA) is – a method of authentication which requires a user to supply two or more types of authentication drawn from these credential categories:
1. Knowledge – what the user knows, such as a username or password
2. Possession – what the user has, such as a smart card or key
3. Inherence – what the user is; a unique biometric trait, such as a fingerprint [5 Marks]
>>Answer
>>Given That
1. Good practices for setting passwords include a minimum and maximum password age policy, where the minimum can be 1 day and the maximum 90 days. Apart from that, a minimum password length policy, which can be a minimum of 8 characters, must be ensured. Long passwords are harder to crack. Plus, the password must be complex enough, with numbers, letters (uppercase and lowercase), and symbols, for better protection.
Bad password practices may include using the name as a password, not having email linkages to the password setting, or not having reminders to change the password. A weak password with less variation in characters is also easy to crack.
The administrator may enforce logon hours and locations for users to control the privacy of the system. In remote locations, with logon hours, it can be ensured that confidential information is not accessed beyond work time. In the same manner, access from outside the office premises can be blocked. This comes under good practices, as it further restricts unauthentic access to the system.
2. MFA is a way of authentication in which a person or user may get access to a platform or website only after entering at least two pieces of evidence. This can be something only the user knows, something only the user possesses, or something only the user is, as in biometrics.
Hence, it provides better security, apart from the password set by the user.
Thus, for knowledge, it can be a password and other protecting questions like the name of the first school, or mother's maiden name, etc. This information is very personal and hence adds a security element.
In possession, the user may have to authenticate access with a key or a smart card that needs to be inserted to access the system. For example, a lot of offices give smart cards to their employees to enter office premises or even to use their computer system.
Inherence can be a fingerprint or retina scan, which shows that the person accessing is the same person, inherently.
With MFA, security is improved, as at least two pieces of evidence are needed.
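
One way to check a Linux host against the values given in the answer (minimum age 1 day, maximum age 90 days, minimum length 8, all four character classes), as an added example that is not part of the original question or answer. It assumes the standard `/etc/login.defs` and `pwquality.conf` key names; the function names and the sample file contents are constructed for illustration.

```python
import re

# Values from the answer above: min age 1 day, max age 90 days, min length 8,
# and all four character classes (digits, upper, lower, symbols) required.
MIN_DAYS, MAX_DAYS, MIN_LEN = 1, 90, 8
CLASS_CREDITS = ("dcredit", "ucredit", "lcredit", "ocredit")

# Constructed sample file contents (not taken from any real host).
WEAK_LOGIN_DEFS = "PASS_MAX_DAYS 99999\nPASS_MIN_DAYS 0\n"
WEAK_PWQUALITY = "# minlen = 12\nminlen = 6\ndcredit = 1\n"
GOOD_LOGIN_DEFS = "PASS_MAX_DAYS 90   # expire after 90 days\nPASS_MIN_DAYS 1\n"
GOOD_PWQUALITY = "minlen = 8\ndcredit = -1\nucredit = -1\nlcredit = -1\nocredit = -1\n"

def parse_settings(text):
    """Parse 'KEY value' (login.defs) and 'key = value' (pwquality.conf) lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^(\w+)(?:\s*=\s*|\s+)(-?\d+)$", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit(login_defs, pwquality):
    """Return a list of findings; an empty list means the policy is met."""
    ld, pq = parse_settings(login_defs), parse_settings(pwquality)
    findings = []
    # Assumption: an unset value counts as a failure rather than trusting defaults.
    if ld.get("PASS_MIN_DAYS", 0) < MIN_DAYS:
        findings.append("PASS_MIN_DAYS is below 1")
    if not 1 <= ld.get("PASS_MAX_DAYS", 99999) <= MAX_DAYS:
        findings.append("PASS_MAX_DAYS is not between 1 and 90")
    if pq.get("minlen", 0) < MIN_LEN:
        findings.append("minlen is below 8")
    # pwquality: a negative credit N requires at least |N| characters of that
    # class; zero or positive values do not require the class at all.
    # minclass = 4 is the other way to require all four classes.
    if pq.get("minclass", 0) < 4:
        for key in CLASS_CREDITS:
            if pq.get(key, 0) >= 0:
                findings.append(f"{key} does not require its character class")
    return findings

if __name__ == "__main__":
    for name, files in (("weak", (WEAK_LOGIN_DEFS, WEAK_PWQUALITY)),
                        ("good", (GOOD_LOGIN_DEFS, GOOD_PWQUALITY))):
        print(name, audit(*files) or "meets the policy")
```

The aging values in `login.defs` apply to accounts created afterwards; existing accounts keep their own aging values, which `chage -l <user>` shows.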