9 hours 48 minutes

Video Transcription

So with authentication, proving my identity. Now, I'm not crazy about the term "proving" because it seems so ironclad, and the most common way that we authenticate today is with the password.
The password is far from being ironclad, right? But you know, you can say supporting the claim, the identity claim, but most of the time I think you'll see it as proving your identity. So the idea here is with authentication, we have three main modes we use, or
three main types of authentication:
something I know, something I have, something I am.
And what we have to realize is today you cannot rely on any single-factor authentication. You know, something I know: the most common is passwords. Passwords were compromised. You know, any eight-character password that you come up with, regardless of the complexity,
can be cracked in a matter of three days.
As a matter of fact, speaking of password complexity, if you followed the statement from NIST that came out, I believe last year, late last year,
um, but basically, and I hope some of you have read this, if not humor me and Google it because I think it's very enlightening, that basically the guy that wrote the password standards from NIST came out and said, "Yeah, yeah, I had that all wrong."
And the premise being is that all this complexity we're adding to an eight-character password doesn't really make that password more complex with the tools that we have today. And what it's doing is it's making it harder for us to remember. So we just wind up writing them down anyway.
I mean, if you look at complexity requirements, all right, you've gotta have a number in your password.
Where's that number going? For 90% of the people,
it's probably going at the end. If it's not at the end, it's at the beginning.
So as an attacker, I've got an idea. Okay, what's gonna be the first or last?
You've gotta have a non-alphanumeric character.
Well, what non-alphanumeric characters you gonna use? Use that at symbol for a. You're gonna use dollar signs for s. So the bottom line is, we're not making passwords complex by the special characters, and NIST has come out and said, "Look,
you'll be a lot better off using four distinct words
as part of your password, or word, number, word, number, or some sort of pattern like that," and it makes it easier for the users to remember. But it makes it harder to crack because of the length and because of the difficulty to guess what's really in there.
If you have FiOS and you have a router
of recent purchase, you'll notice that instead of that standard crazy, complex key, they have
word, set of numbers, word, set of numbers. That is the easiest password I've ever had to remember. But it makes me look like a genius in front of my friends because they're all asking me, "Hey, what's the WiFi password for your house?" And I give them, you know, these
28 different combinations. They're not really putting it together, as easy as it is. And I'm like, "Yeah, I remember those 28 characters by myself because"
So I shouldn't let all my tricks go out on the public airwaves, but I don't have that many, so I share what I do have.
All right, so that's something you know.
Something you have: if you can touch it, you have it.
House key. Every day when I come in, I authenticate to my house. I put my house key in the door, turn the lock. That house says, "Oh, you got the right key. You must be Kelly. Come on in."
someone to take the key.
But again, that's why single factor authentication isn't enough today.
Cryptographic keys count for something we have. And then we also look at type three authentication, something you are. Think biometrics in that term.
Okay, so something you know, something you have, something you are. Those are the three most common factors. When we say multi-factor authentication, we're combining multiple factors. We're not just using multiple things, like a password and a PIN.
Those are both something I know. Passport, driver's license, those are something I have. So we're not talking about using more than one thing, we're talking about PIN and CAC or some sort of smart card device. PIN is something I know.
The CAC is something I have. And if you guys are in the government, common access cards,
what government employees often use to authenticate.
All right, so we'll continue on in just a moment.

Up Next

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Kelly Handerhan
Senior Instructor