3 hours 35 minutes
in this lesson, I will be talking about protecting user authentication. Eso I went all the methods to protect against unauthorized Loggins on a PC.
password is the main method of authentication
on most of BC's. There are more modern method of fortification than just user name and password. Then I'm going to talk very soon within this lesson about it.
But regarding password is
that if they're weak, passports easy to crack their the main reason for unauthorized BC access
eso If somebody gives the holding your password hash, they can correct it. Use Bruce Force,
meaning that there is a software that can simply extract passwords from the best with cash.
Uh, the longer the passport is, the more time it takes for software toe crack it,
and then we have social engineering on Sometimes social engineering doesn't even have toe include the contact
about the with the person that they're trying toe what they get along the hold off their password. So
people are usually using their names, names of family members, beds, birthdays, whatever. So if you just do research and find the details about the person, you can try to,
you know, like my name and and my year of birth is a typical bad password is being used.
Aziz said. Time to crack password girls exponentially with password lengthened. The unfortunate thing is that 99% of users have password length set that minimal allowed. So if your company has a policy about passwords and says
you have to have your passport that minimum eight characters long it has to include one capital letter, at least one small letter, one the
number and one special sign.
But it says eight letters are eight characters long. 99% of the people will have their passport eight characters long. If it's 12 characters, then they really use 12. Character is, um, that's it. Nobody will say Okay, let's do 30.
And because it's much safer because even if they're trying to use the social engineering to get your information, if your password these 30 characters long,
there is quite a lot of trial and there because before they they guessed the right one. Even if you're using just the plain things, they are like your name, last name and the names of your family members and their birthdates and whatever
this is why there is a growing movement within the sort of security community to explain to people that they shouldn't use passwords. They should use past phrases or passed sentences.
Pass phrases sentence that you can easily limb. Um, remember, it's long a sentence. It should be a two least 15 to 20 characters. Long thirties Pref erred, and it's something that is clear to you, but it's not obvious in terms of what what it contains.
So and I explain it to immediately.
So, as I said, my name in my year of birth, which is something that you can find on the Internet, is very bad password. Even if I try to, you know, change things like replacing letters with numbers and add some underscores and whatever, like the 2nd 1 you see on the screen.
It's also very bad passport. It can be really easily cracked,
and the 3rd 1 you seems really good password. It's not very long. It's really good password because it's completely random, but nobody can remember it and thats why nobody is using these passwords. I mean, I have seen people being forced to use similar passwords, and what do they do they wrote it down.
So for somebody who wants to crack that users authentication, they just need to find the place where they wrote it down.
So let's look at the fourth line. So the four Klein says. And these are also the things that you can find on the Internet,
but it's very complex. It says. I was born on 20th the focus. That doesn't say which here, but I adding It was a very hot day, hottest day of that year.
Now nobody can deduce what kind of first sentence and how many sentences. What is the structure? What I'm going to say. So three only way to crack this passport is with
Essentially may be looking over my shoulder with the camera and recording my key strokes or by brute force, cracking off the parts with hatchback support for passport this long. It will take a really long time,
so it is much better than the randomly generated password. It is 20 characters long, although it looks, you know, completely
crack a ble. But
try to ask yourself, Is it possible to crack something like this?
And then we have something even better, which is multi factor authentication. So you are not supposed to do one thing but two things.
And, for example, two factor authentication is built in windows,
and it concludes several things out of which you choose do so it could be facial recognition. It could be feeling fingerprint.
It could be bean and some other things,
and it requires that, for example, you enter the pin and put your finger on the
reader fingerprint reader that exists on your PC.
especially if it's a laptop, then it's very easy to get it with good one built in
and and then it's much more difficult because they are. Don't only the crowd hackers. They don't only need to find your pin, but they also need to have something that is essentially your
what you are.
But it is even better toe have three factor at indication, which is offered by some PC vendors under 1/3 party software. That offer and the three factor authentication includes something you know, like a pin password, something you are
like your fingerprint Oreo face
and something you have, which can be your key card when which you,
you know, getting in inside you, the office so it can be proximity card or even better, it can be smart card. So basically, put your smart card in this market reader. And if it's ah if it's business notebook, then it's probably the reader is already built in.
Then you enter pin, and then his additional measure. You have to put fingerprint, you know, in orderto fake all these things, it's really, really complex, and it's really complicated.
So these are the ways to protect the password on. And let me just ask you the question, which is the slowest additional authentication method now. This requires for you, too,
I think a little, because I didn't mention it explicitly.
Eso weaken visit fingerprint. Is it facial recognition or is it smart card with a pin?
And the correct answer is facial recognition and going to try to explain it very quickly.
Facial recognition requires some very, very complex algorithms. It requires a lot of processing power, and it can take several seconds up to five. Sometimes six seconds toe actually work,
even if it ah
does the recognition from the first attempt. It really depends on the process of speed you have in your PC, even the the amount of memory. So this is the slowest one. And this is why I never commended for people to use it at this point in time. Also, it
it creates a lot in there a lot of situation in which facial recognition can create a lot of false negatives.
Okay, so in this video, you have learned about the ways to protect against unauthorized longings. And the next one, I'm going to give you an example of windows. Hello. And education, which is two factor authentication. Actually, I'm going to give you the example how to set it up.