Network validation & authentication
Introduction to password authentication
Password authentication is a fundamental security mechanism used to verify the identity of users attempting to access a computer system, application, or online service. It is a widely adopted method for user authentication and relies on users providing a secret passphrase, known as a password, which they have previously chosen and shared with the system.
What does password authentication involve?
Password Hashing
To enhance security, passwords are typically not stored in their raw form but are instead stored as cryptographic hash values. When a user enters their password, the system hashes it and compares it to the stored hash.
The authentication system compares the hash of the entered password to the hash of the stored password associated with the user's account. If they match, the user is granted access; if not, access is denied.
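The hash-and-compare flow above, as an added Python example that is not code from the original page: the in-memory user store, the PBKDF2 iteration count, the per-user random salt and the constant-time comparison are choices made for this example rather than something the text specifies.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed in-memory "user database": username -> (salt, hash).
# A real system would persist this; the layout here is just for the example.
USERS: Dict[str, Tuple[bytes, bytes]] = {}

# PBKDF2 work factor. The iteration count is what makes every guess expensive
# for someone who obtains a copy of the stored hashes.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt means two users with the
    same password still end up with different stored hashes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(username: str, password: str) -> None:
    """Store only the salt and the hash, never the raw password."""
    USERS[username] = hash_password(password)


def authenticate(username: str, password: str) -> bool:
    """Hash the submitted password with the stored salt and compare the two
    hashes; the submitted password is never compared to anything directly."""
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that response
        # time does not reveal which usernames exist.
        hash_password(password)
        return False
    salt, stored = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison: does not stop early at the first mismatch.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(authenticate("alice", "correct horse battery staple"))  # True
    print(authenticate("alice", "Tr0ub4dor&3"))                   # False
```

The stored record never contains the password itself, so a copy of `USERS` only gives an attacker hashes that must each be attacked with `ITERATIONS` rounds of PBKDF2 per guess.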
Password Vulnerabilities
Password vulnerabilities refer to weaknesses or flaws in the way passwords are created, managed, or used that can make systems, accounts, or data more susceptible to unauthorized access and security breaches. These vulnerabilities can lead to serious consequences, including data breaches, identity theft, and compromised systems.
Common vulnerabilities include:
- Weak passwords
- Password reuse
- No two-factor authentication (2FA)
- Insecure password storage practices
- Password sharing
- Social engineering
- Failing to change vendor-supplied default passwords
Which of the following is NOT a good practice for creating a secure password?
Why is it risky to use the same password for multiple online accounts?
Limitations of passwords
Weak passwords are a significant security risk, as they can be easily guessed or cracked by attackers, leading to unauthorized access to accounts, systems, and sensitive data. Several factors contribute to the weakness of passwords:
Short Length
Short passwords are more susceptible to brute force attacks, where an attacker systematically tries all possible combinations until the correct password is found.
Lack of Complexity
Passwords that consist solely of lowercase letters, or that contain only letters and numbers without special characters, lack complexity. Complex passwords take longer to crack using brute-force and dictionary methods.
Common Words
Passwords that are based on common dictionary words, phrases, or easily guessable patterns (e.g., "password," "123456," "admin") are vulnerable to dictionary attacks.
Patterns
Passwords that follow predictable patterns, such as "abcdefg," "12345," or "qwerty," are easily guessable.
Personal Information
Using personal information like names, birthdays, or family members' names makes passwords more guessable. Attackers can often find this information online or through social engineering.
Strong passwords
Creating a strong password is crucial for enhancing your online security and protecting your accounts from unauthorized access.
Here are some tips to help you create a strong password:
- Make it long (at least 12 characters).
- Use a mix of uppercase, lowercase, numbers, and special characters.
- Avoid common words or phrases.
- Don't use personal information or easily discoverable data.
- Make it appear random and unpredictable.
- Use a unique password for each account.
- Consider passphrases or acronyms for better memorability.
- Check its strength with online tools.
- Use a password manager for strong, unique passwords.
- Update passwords regularly and enable two-factor authentication (2FA) for added security.
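The weaknesses listed under "Limitations of passwords" and the tips above can be turned into a policy check that a registration form would run. The following Python checker is an added example, not code from the original page: the tiny common-password set, the keyboard rows, the 12-character minimum and the 4-character run length are constructed for the example, and `personal_info` stands in for whatever the enrolment form already knows about the user.

```python
import string

# Constructed, deliberately tiny stand-in for a breached/common-password list;
# a real check would use a large list such as a breach corpus.
COMMON_PASSWORDS = {"password", "123456", "admin", "letmein", "welcome", "qwerty"}

# Keyboard rows, used to spot "qwerty"-style runs.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12
RUN_LENGTH = 4  # how many adjacent characters count as a predictable pattern


def _has_run(text, alphabet, length=RUN_LENGTH):
    """True if `text` contains `length` characters that are consecutive in
    `alphabet`, forwards ('abcd', '1234') or backwards ('dcba', '4321')."""
    for i in range(len(alphabet) - length + 1):
        chunk = alphabet[i:i + length]
        if chunk in text or chunk[::-1] in text:
            return True
    return False


def password_weaknesses(password, personal_info=()):
    """Return the weaknesses from the text that `password` exhibits, in a
    fixed order; an empty list means none of these checks fired."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("short length")

    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("lack of complexity")

    # Exact match against the list, or a listed word of 5+ characters
    # embedded inside the password ("MyPassword1!").
    if lowered in COMMON_PASSWORDS or any(
        len(word) >= 5 and word in lowered for word in COMMON_PASSWORDS
    ):
        problems.append("common word")

    alphabets = [string.ascii_lowercase, string.digits] + KEYBOARD_ROWS
    if any(_has_run(lowered, a) for a in alphabets):
        problems.append("predictable pattern")

    # personal_info: name, birth year, etc.; anything of 3+ characters counts.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("personal information")

    return problems


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3", "Abcd1234!!xyz", "vG7#pLq2!mXz9$"):
        print(candidate, "->", password_weaknesses(candidate) or "no weaknesses found")
```

An empty result only means none of these particular checks fired; it is the uniqueness and length advice above, together with a password manager, that the checker cannot enforce on its own.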
What is the primary function of a password manager?
Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA), also known as two-step verification, is a security process that requires users to provide two different authentication factors before they can gain access to a system, account, or application. These factors fall into three main categories:
Something You Know
This factor involves information that the user knows, such as a password, PIN, or security questions. It's the traditional username and password combination.
Something You Have
This factor includes something physical that the user possesses, such as a mobile device, smart card, security token, or an authentication app that generates one-time codes.
Something You Are
This factor relies on biometric data, like fingerprints, facial recognition, or iris scans, which uniquely identify the user based on their physical or behavioral traits.
Introduction to digital certificates
A digital certificate is a digital document that verifies the identity of an entity (such as a website, server, or individual) and provides a means for secure communication by encrypting data exchanged between the user's device and the entity's server.
They play a crucial role in ensuring the confidentiality, integrity, and authenticity of data transmitted over the internet.
Digital certificates function through the use of public-private key pairs.
What is the primary purpose of digital certificates in e-commerce?
Public & Private Keys
Public and private keys are core components of asymmetric cryptography, also known as public-key cryptography. The public and private keys are mathematically related in such a way that data encrypted with one key can only be decrypted with the other key.
The public key is intended to be shared openly and is often associated with an individual or entity. Anyone can use the public key to encrypt data or verify digital signatures, but it cannot be used to decrypt data.
The private key is used for decrypting data that has been encrypted with the corresponding public key and for creating digital signatures. It must be kept secret and should never be shared with anyone.
What is the primary role of a private key associated with a digital certificate?
Key Exchange
When a website and a client establish a connection, they each send their public key to the other, and all subsequent data is encrypted using the recipient's public key before sending. This means that only the intended recipient can decrypt the message.

Certificate Authorities
Certificate Authorities (CAs) are trusted organisations responsible for issuing, managing, and verifying the digital certificates that websites use to prove who they are. They ensure that your browser has connected to the website you think you have connected to and that you have not been the victim of DNS hijacking.
Websites are issued digital certificates by CAs and the certificate is encrypted using the private key of the CA. When a website communicates with a client it sends this certificate and the browser uses the public key it has been given directly by the CA to decrypt the digital certificate, verifying that the website is legitimate.
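The public/private key relationship described under "Public & Private Keys" and the CA flow just described can both be shown with textbook RSA. The following Python block is an added example, not code from the original page: the Mersenne primes, the public exponent 65537 and the JSON certificate layout are constructed for the example, and a real system would use a cryptography library with 2048-bit-plus keys and a standard certificate format. In these terms, the CA's "encryption with its private key" is the `sign` step (`pow(hash, d, n)`) and the browser's "decryption with the CA's public key" is `verify` (`pow(signature, e, n)`).

```python
import hashlib
import json
from math import gcd

# Constructed toy primes (Mersenne primes, so they are certainly prime).
# Real keys are 2048-bit-plus and generated by a library, never chosen by hand.
CA_PRIMES = (2**61 - 1, 2**31 - 1)
SITE_PRIMES = (2**19 - 1, 2**17 - 1)
PUBLIC_EXPONENT = 65537


def make_keypair(p, q, e=PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)). The two exponents are inverses modulo
    phi(n); that is the mathematical relationship the text refers to."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can do this; only the private key undoes it."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data):
    """Applying the private exponent to a hash of the data is a signature."""
    n, d = private_key
    return pow(_digest_mod_n(data, n), d, n)


def verify(public_key, data, signature):
    """Applying the public exponent to the signature must reproduce the hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(data, n)


def _canonical(body):
    return json.dumps(body, sort_keys=True).encode("utf-8")


def issue_certificate(ca_private_key, subject, subject_public_key):
    """The CA binds a site name to that site's public key and signs the binding."""
    body = {"subject": subject, "public_key": list(subject_public_key)}
    return {"body": body, "signature": sign(ca_private_key, _canonical(body))}


def browser_accepts(ca_public_key, certificate, expected_subject):
    """What the browser does with the CA public key it already holds."""
    body = certificate["body"]
    signature_ok = verify(ca_public_key, _canonical(body), certificate["signature"])
    return signature_ok and body["subject"] == expected_subject


CA_PUBLIC, CA_PRIVATE = make_keypair(*CA_PRIMES)
SITE_PUBLIC, SITE_PRIVATE = make_keypair(*SITE_PRIMES)

if __name__ == "__main__":
    cert = issue_certificate(CA_PRIVATE, "example.com", SITE_PUBLIC)
    print(browser_accepts(CA_PUBLIC, cert, "example.com"))       # True
    m = int.from_bytes(b"hi", "big")
    print(decrypt(SITE_PRIVATE, encrypt(SITE_PUBLIC, m)) == m)   # True
```

Changing any field of the certificate body after issuance, or presenting it for a different site name, makes `browser_accepts` return False, which is exactly the check that defeats a hijacked DNS answer pointing at a server that cannot produce a CA-signed certificate for the expected name.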

Diffie-Hellman
One of the disadvantages of asymmetric encryption is that it is computationally expensive, making it too inefficient for high speed data transmission, such as video streaming.
Once a client and server have established a connection, they switch to more efficient symmetric encryption, using the Diffie-Hellman key-exchange technique of combining public-private key pairs in order to produce a shared secret which can be used to encrypt data.
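The exchange described above, as an added Python example that is not code from the original page: each side keeps a secret exponent, sends only `g^secret mod p`, and both arrive at the same shared secret, which is then hashed into a symmetric key. The group parameters (the Mersenne prime 2^61-1 and base 5) and the SHA-256 keystream cipher are constructed for the example; real deployments use standardised groups or elliptic curves and a real cipher such as AES.

```python
import hashlib
import os

# Constructed toy group: the Mersenne prime 2^61-1 as modulus and a small base.
# Real deployments use standardised finite-field groups or elliptic curves.
P = 2**61 - 1
G = 5


def dh_private_value():
    """A fresh random secret exponent; it never leaves the machine."""
    return int.from_bytes(os.urandom(8), "big") % (P - 2) + 2


def dh_public_value(private):
    """The only thing sent over the wire: g^private mod p."""
    return pow(G, private, P)


def dh_shared_secret(own_private, peer_public):
    """peer_public^own_private = g^(a*b) mod p, identical on both sides."""
    return pow(peer_public, own_private, P)


def derive_symmetric_key(shared_secret):
    """Hash the shared secret down to a fixed-size symmetric key."""
    return hashlib.sha256(b"toy-dh-key|" + shared_secret.to_bytes(8, "big")).digest()


def stream_xor(key, nonce, data):
    """Toy symmetric cipher (constructed for the example, not AES): XOR the
    data with a SHA-256 keystream. The same call encrypts and decrypts."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def handshake(client_private, server_private):
    """Simulate both sides of the exchange; returns the key each side derived."""
    client_public = dh_public_value(client_private)   # client -> server
    server_public = dh_public_value(server_private)   # server -> client
    client_key = derive_symmetric_key(dh_shared_secret(client_private, server_public))
    server_key = derive_symmetric_key(dh_shared_secret(server_private, client_public))
    return client_key, server_key


if __name__ == "__main__":
    client_key, server_key = handshake(dh_private_value(), dh_private_value())
    print(client_key == server_key)   # True: both sides hold the same key
```

An observer of the connection sees only the two public values; turning those into the shared secret is the discrete-logarithm problem, which is what makes the bulk data, encrypted with the cheap symmetric cipher afterwards, safe to send at streaming speed.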

Which encryption method generally requires more computational resources?
Whitelisting
Whitelisting allows only pre-approved entities to access a resource or perform a specific action. It is like having a guest list for a party; only those on the list are allowed to enter.
Blacklisting
Blacklisting denies access to entities that match certain criteria. It is like a list of banned individuals who are not allowed to enter a premises.
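The two policies differ most for a source that appears on neither list. The following Python block is an added example, not code from the original page: the allowlisted and denylisted networks are constructed sample values, and it shows the same set of requests evaluated under each policy.

```python
import ipaddress

# Constructed sample policy: the allowlist names the networks that may
# connect; the denylist names a single network that may not.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]
DENYLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24",)]


def _parse(source_ip):
    """Return an address object, or None for malformed input."""
    try:
        return ipaddress.ip_address(source_ip)
    except ValueError:
        return None


def allowlist_permits(source_ip):
    """Default deny: only a source inside a listed network gets in."""
    addr = _parse(source_ip)
    return addr is not None and any(addr in net for net in ALLOWLIST)


def denylist_permits(source_ip):
    """Default allow: everything gets in unless explicitly banned. Malformed
    input is still rejected; otherwise it would never match a ban and slip through."""
    addr = _parse(source_ip)
    return addr is not None and not any(addr in net for net in DENYLIST)


def evaluate(requests):
    """Map each source to (allowlist decision, denylist decision)."""
    return {ip: (allowlist_permits(ip), denylist_permits(ip)) for ip in requests}


if __name__ == "__main__":
    for ip, decision in evaluate(["10.1.2.3", "203.0.113.7", "198.51.100.9", "not-an-ip"]).items():
        print(f"{ip:>14}  allowlist={decision[0]}  denylist={decision[1]}")
```

The third request, from a network nobody has classified yet, is where the difference shows: the allowlist refuses it until someone adds it, while the denylist lets it through until someone bans it.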
Review: Fill in the Blanks
To enhance security, passwords are typically stored as rather than in their raw form. When a user enters their password, the system hashes it and compares the hash of the entered password to the associated with the user's account.
Password vulnerabilities refer to weaknesses in how passwords are created, managed, or used, making systems more susceptible to . Common vulnerabilities include weak passwords, password reuse, and the absence of two-factor authentication, which can lead to serious consequences such as and identity theft.
Creating a strong password is crucial for protecting accounts from unauthorized access. Strong passwords should be long, use a mix of uppercase and lowercase letters, numbers, and , and avoid common words or personal information. Additionally, using two-factor authentication can add an extra layer of to the authentication process.