Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,360 --> 00:00:07,440 In our next section we will talk about password policies elements and passwords. 2 00:00:07,460 --> 00:00:08,680 Elton Matthews 3 00:00:11,160 --> 00:00:19,800 so most systems in an enterprise network use some form of authentication to grant or deny user access 4 00:00:20,370 --> 00:00:27,990 when users access a system a user name and password are usually invoked as you know at the most of the 5 00:00:27,990 --> 00:00:35,730 time it is like that and it might be fairly easy to guess someone's user name based on that person's 6 00:00:35,760 --> 00:00:36,730 real name. 7 00:00:37,170 --> 00:00:46,680 If the user's password is set to some default value or to a word or text text string that is easy to 8 00:00:46,710 --> 00:00:52,220 guess an attacker might easily gain access to the system too. 9 00:00:52,320 --> 00:01:00,870 So guys think like an attacker for a moment and see if you can make some guesses about passwords you 10 00:01:00,870 --> 00:01:05,310 might try if you want to log in to a random system. 11 00:01:05,490 --> 00:01:14,540 Perhaps you told totes of passports like Password password 1 3 1 2 3 4 5 6 and so on right. 12 00:01:14,970 --> 00:01:23,940 And perhaps you could try a username as admin and password like admin an attacker can launch an online 13 00:01:24,000 --> 00:01:27,300 attack by actually entering each password. 14 00:01:27,360 --> 00:01:31,620 Yes as the system prompts for user credentials. 15 00:01:31,620 --> 00:01:39,960 In contrast to an offline attack occured when the attacker is able to retrieve the encrypted or hashed 16 00:01:39,960 --> 00:01:50,370 passwords ahead of time then goes off line to an external computer and uses software there to repeatedly 17 00:01:50,370 --> 00:01:53,790 attempt to recover the actual password. 18 00:01:53,790 --> 00:02:02,740 So attackers can also use software to perform dictionary attacks to discover a user's password. 19 00:02:02,940 --> 00:02:12,120 The software will automatically attempt to log in with passwords taking from a dictionary or worthless. 20 00:02:12,120 --> 00:02:20,880 In this meta guys and it's might be a I'm sorry it's mine I have to go through thousands or millions 21 00:02:20,880 --> 00:02:25,130 of attempts before discovering the real password. 22 00:02:25,140 --> 00:02:33,990 In addition the software can perform a brute force attack by trying every possible combination of letter 23 00:02:34,050 --> 00:02:43,290 number and symbols strings and brute force brute force attacks Rick are really very power powerful computing 24 00:02:43,290 --> 00:02:52,830 resources and a large amount of time and to mitigate password attacks an enterprise should implement 25 00:02:52,880 --> 00:02:56,600 a password policies for all users guys. 26 00:02:56,730 --> 00:03:04,590 Such a policy might include guidelines that require a long password string made up of a combination 27 00:03:04,590 --> 00:03:11,220 of upper and lower case characters along with numbers and some special characters. 28 00:03:11,220 --> 00:03:20,760 Maybe the goal is to require all passwords to be complex strings that are difficult to guess or reveal 29 00:03:20,760 --> 00:03:24,290 by a password attack as well. 30 00:03:24,300 --> 00:03:32,790 Password management should require all passwords to be changed periodically so that even length the 31 00:03:32,940 --> 00:03:39,300 brute force attacks would not be able to recover a password before it is changed again. 32 00:03:41,070 --> 00:03:42,390 And yes. 33 00:03:42,750 --> 00:03:51,180 Passports have some vulnerabilities sometimes and for critical systems enterprises mostly consider to 34 00:03:51,180 --> 00:04:00,450 use passwords alternatives and they are multi factor authentication physical access control certificates 35 00:04:00,480 --> 00:04:01,820 and their biometrics. 36 00:04:01,830 --> 00:04:06,710 And let's take a look to these alternatives and learn about them. 37 00:04:09,040 --> 00:04:17,230 As simple passwords passwords string in the single factor that a user must enter to be authenticated 38 00:04:18,010 --> 00:04:26,440 because a password should be remembered and not written down to anywhere you might think of your password 39 00:04:26,530 --> 00:04:32,290 as something you know hopefully nobody else knows this too. 40 00:04:32,410 --> 00:04:40,620 Otherwise they could use it to impersonate when you authenticating right multi factor authentication. 41 00:04:40,960 --> 00:04:49,990 Which is also known as MFA is an authentication method in which a computer user is granted access only 42 00:04:49,990 --> 00:05:00,110 after successfully persisting two or more pieces or of evidence or factors to an authentication mechanism. 43 00:05:00,190 --> 00:05:10,090 No Lich and something the user and only the user knows that means and possession something the user 44 00:05:10,120 --> 00:05:22,120 and the only the user has and inherits something the user and the only the user s and two factor authentication 45 00:05:22,120 --> 00:05:30,700 for example also known as to FAA is at type or subset of multi factor authentication. 46 00:05:30,700 --> 00:05:38,380 It is a method of confirming users claimed identities by using a combination of two different factors 47 00:05:38,980 --> 00:05:51,010 one something they know 2 something they have or 3 something they are a good example of two factor authentication 48 00:05:51,340 --> 00:05:56,350 is the throwing of money for and 18 for example. 49 00:05:56,350 --> 00:05:58,680 All of us do this right. 50 00:05:59,290 --> 00:06:07,510 Then only the correct combination of a bank card and PIN number allows the transaction to be carried 51 00:06:07,510 --> 00:06:08,570 out. 52 00:06:08,590 --> 00:06:17,380 Two other examples are supplement a user controlled password with a one time password to a OTP or code 53 00:06:17,410 --> 00:06:20,770 generated or received by an authenticator. 54 00:06:20,770 --> 00:06:31,710 For example like it may be a security token or a smartphone that only the user possesses let's go ahead 55 00:06:31,710 --> 00:06:40,050 with the digital certificates at digital certificate can serve as one alternative factor because it 56 00:06:40,050 --> 00:06:50,790 serves as a trusted form of identification and adherence to a standardized format and contains encrypted 57 00:06:50,850 --> 00:06:52,520 information guys. 58 00:06:52,590 --> 00:07:03,330 If an enterprise support certificate to use then a user must request and be granted a unique certificate 59 00:07:03,390 --> 00:07:13,680 to use for specific purposes for example certificates used for authenticating users must be approved 60 00:07:13,680 --> 00:07:17,570 for authentication in order to be trusted. 61 00:07:17,580 --> 00:07:27,600 Certificates must be granted to and digitally signed by a trusted certificate authority known as S.A.. 62 00:07:27,840 --> 00:07:36,810 As long as these services used by these sent enterprise gnome and the trust to see a then individual 63 00:07:36,810 --> 00:07:41,330 certificate signed by that S.A. can be trusted as well. 64 00:07:44,110 --> 00:07:53,590 Biometric credentials are another password alternative can be used and biometric credentials carry this 65 00:07:53,600 --> 00:08:00,190 scheme even further by providing a factor that represents something you are. 66 00:08:01,090 --> 00:08:10,800 The idea is to use some physical attribute from a user's body to uniquely identify that person physical 67 00:08:10,830 --> 00:08:20,040 attributes are usually unique to each individual's body structure and cannot be easily stolen or duplicate 68 00:08:20,040 --> 00:08:29,700 that right and for example a user's fingerprint can be scanned and used as an authentication factor. 69 00:08:29,700 --> 00:08:41,070 Other examples include face recognition palm prints and voice recognition iris recognition and retinal 70 00:08:41,070 --> 00:08:42,660 scans. 71 00:08:42,660 --> 00:08:51,960 As you might expect some methods can be trusted more than others and sometimes facial recognition systems 72 00:08:51,960 --> 00:09:00,300 can be fooled when presented with photographs or masks of trusted individuals. 73 00:09:00,480 --> 00:09:08,940 Injuries and the aging process can also alter biometric patterns such as fingerprints facial shapes 74 00:09:08,970 --> 00:09:14,970 and iris patterns to help mitigate potential weaknesses. 75 00:09:14,970 --> 00:09:22,280 Multiple biometric credentials can be collected and used to authenticate so users as well. 8907