Time
8 hours 33 minutes
Difficulty
Beginner
CEU/CPE
9

Video Transcription

00:06
so authentication mechanisms. You know what kind of authentication mechanisms are out there? They generally fall in tow in tow. Three main categories. Something that you know, something that you have and something that you that you are.
00:21
And generally there's. There's kind of an order of strength to it. You know, something that you are
00:27
is regarded as is a little bit more secure. It's more difficult to because it is based on, you know, something that you are. It's generally more difficult spoof for toe to replicate. As you know, we just talked about with fingerprints,
00:47
something you have.
00:49
It's a little bit less secure, but But you know the idea. There it's the authentication is based on some kind of token that you have. So the security is based on, you know, keep you know, holding onto that onto that token,
01:07
you know, they can be replicated. They can be spoof, but it relies more on someone getting a hold off the token that, in theory, you should be in control of it all times and then something, you know, that's your password. And that's generally regarded, as you know, the weakest form of of
01:27
authentication just because
01:30
passwords can be easily, you know, stolen. Um, you know, they could be sniffed off the wire. People can use things like like like fishing. Thio do people into disclosing passwords. They can even be, you know, guests as we saw
01:48
and previous modules with tools
01:51
like like loft crack and John the Ripper. You can just do you just very basic attacks against against those just password, you know, dictionary tax and brute force attacks where you don't even know anything about the password. And you just start going through every single permutation that you can you can conceive off.
02:10
So,
02:12
you know, when we talk about a strong authentication, uh, generally regarded in effective strategies to have, at least, you know, at least two authentication mechanisms in place. So you have to factor authentication or even multi factor authentication. We're going to use all three,
02:31
um,
02:34
so physical security, you know, authentication, smart cards. So now we're talking about something that you have So smart card. It's just, you know, just like a regular i d badge. But it has a microchip on it that that stores, stores, data data could be anything it can. The data can actually possess
02:53
Ah,
02:53
some biometrics keep like a fingerprint, you know? Or, you know, a picture Information about you know, the individual. You can have a digital certificate on it on dso It can be used for many, many different things. Security tokens. This is like everyone's seen. The Arcee tokens
03:13
have the 60 minute every 60
03:15
every 60 minutes every 60 seconds they refreshes as the one time password. New Ah ah! New six digit number shows up every minute. And the idea there is it It's a token, something that you have. But you also combine it with something that you know. So you depend.
03:35
Uh
03:36
uh,
03:37
You have a pin number, so you have to use your pin number in conjunction with the one time pastor of the piers on the token.
03:45
Once again, the security of of the security token is based on the fact that you are in control of it. You you are the only person who will possess that token

Up Next