1
00:00:01,480 --> 00:00:08,040
Welcome to a module that will focus on authentication, or in other words, the mechanisms for establishing

2
00:00:08,040 --> 00:00:12,580
the identity of users.

3
00:00:12,590 --> 00:00:15,620
Let's start off by explaining the involved terms and concepts.

4
00:00:18,760 --> 00:00:22,750
Authentication is a process of proving and verifying the identity of a user.

5
00:00:24,420 --> 00:00:28,490
You can see an example of authentication evidence on the left side of the slide.

6
00:00:31,310 --> 00:00:35,990
To be able to authenticate someone, you need to have a reason for believing that that person claiming

7
00:00:35,990 --> 00:00:43,660
to be Bob is really Bob. A sufficient reason could be an identity document that contains a photograph

8
00:00:43,660 --> 00:00:46,130
of its holder or a person who looks like them.

9
00:00:48,360 --> 00:00:54,500
This doesn't mean that the person is who they claim to be. The authenticity of the document should be

10
00:00:54,500 --> 00:00:55,360
verified.

11
00:00:56,560 --> 00:01:03,500
So if the issuer of the document is on your list of trusted entities. Identification, on the other hand,

12
00:01:03,530 --> 00:01:06,500
is, for example, this simple claim:

13
00:01:06,540 --> 00:01:08,640
My name is Tom.

14
00:01:08,770 --> 00:01:10,710
Nothing else is needed.

15
00:01:10,780 --> 00:01:13,370
There is no need to prove or confirm the claim.

16
00:01:15,520 --> 00:01:18,130
Identification does not equal authentication.

17
00:01:22,800 --> 00:01:23,750
Authorization,

18
00:01:23,760 --> 00:01:29,190
in contrast to the two above concepts, involves verifying if a person who has confirmed their identity

19
00:01:29,820 --> 00:01:35,620
(has successfully authenticated) has an appropriate level of permissions required to execute an operation.

20
00:01:39,560 --> 00:01:46,740
Operating systems usually authenticate users only once, at system logon. Authorization,
21
00:01:46,740 --> 00:01:53,300
on the other hand, is performed each time the user attempts to perform any operation: run an application,

22
00:01:53,540 --> 00:01:56,680
open a document, delete a file and so on.

23
00:01:59,670 --> 00:02:05,790
Authentication can be applied to a user or a program or even to data.

24
00:02:05,890 --> 00:02:11,230
The most common method for authenticating users, which will probably remain popular for quite some time,

25
00:02:11,830 --> 00:02:15,060
is checking if they know a secret that nobody else should know.

26
00:02:16,030 --> 00:02:19,880
This involves checking if a password entered in the login screen is correct.

27
00:02:21,400 --> 00:02:24,220
Authentication can also be performed in other ways.

28
00:02:26,420 --> 00:02:32,360
You can, for example, authenticate a principal or person by ensuring they possess some data that is exclusive

29
00:02:32,360 --> 00:02:33,110
to them.

30
00:02:35,010 --> 00:02:40,360
This type of information is usually saved in private keys or stored on smart cards.

31
00:02:40,440 --> 00:02:42,010
We'll go back to smart cards later.

32
00:02:44,730 --> 00:02:47,400
Biometric authentication is another solution.

33
00:02:49,110 --> 00:02:55,900
Biometrics is based on a person's distinctive features. Modern operating systems can implement the use

34
00:02:55,900 --> 00:03:00,690
of all three techniques either separately or together.

35
00:03:00,720 --> 00:03:05,780
The most common method is password authentication, which we'll look into more closely in a moment.

36
00:03:08,270 --> 00:03:15,240
Smart card authentication is also very popular. Many computers, including portable computers, are equipped

37
00:03:15,240 --> 00:03:16,730
with biometric readers.

38
00:03:18,360 --> 00:03:22,110
They're less popular, however, and one could claim that they're less effective.
39
00:03:24,570 --> 00:03:31,380
Authentication is a process of proving an identity with the use of a secret. If something is to remain

40
00:03:31,380 --> 00:03:34,600
secret, it has to be changeable.

41
00:03:34,630 --> 00:03:37,410
We should change our passwords more or less regularly.

42
00:03:39,700 --> 00:03:43,950
It's also easy to issue a new certificate or renew an existing certificate.

43
00:03:45,150 --> 00:03:51,860
It's harder, however, to replace a hand or an eye. It could happen as well,

44
00:03:51,950 --> 00:03:57,590
perhaps not too often, that employees will travel to places where bodily integrity is low on the priority

45
00:03:57,590 --> 00:03:59,040
list for local criminals.

46
00:04:01,580 --> 00:04:05,460
Coercion can make you give away your password or hand over your smart card.

47
00:04:07,710 --> 00:04:14,620
It's harder, however, to persuade someone to part with their finger or eyes. It doesn't make sense to implement

48
00:04:14,650 --> 00:04:18,170
authentication methods that only provide further threat to users.

49
00:04:19,890 --> 00:04:21,860
Let's return to passwords for a moment.

50
00:04:25,140 --> 00:04:32,540
The problem with passwords is that with time computers are running faster and faster. A password that

51
00:04:32,540 --> 00:04:34,160
was secure 10 years ago,

52
00:04:34,190 --> 00:04:40,290
eight characters including alphabetic, numeric and special characters, has decreased on the security scale.

53
00:04:42,850 --> 00:04:47,670
To catch up with increased computer performance, user passwords would have to be ever longer.

54
00:04:49,200 --> 00:04:50,590
We'll show this in a minute.

55
00:04:51,800 --> 00:04:54,760
Longer passwords mean more trouble with remembering them.

56
00:04:55,780 --> 00:05:03,360
A 64 character random password is practically impossible to remember, and even if you do memorize it,

57
00:05:03,810 --> 00:05:05,650
you're sure to make typos entering it.
58
00:05:08,120 --> 00:05:10,880
That's why implementing additional authentication is crucial.

59
00:05:13,500 --> 00:05:16,820
Since we've mentioned that biometrics is not an ideal solution,

60
00:05:16,830 --> 00:05:23,380
we're left with smart cards. The advantage of smart cards is that they can store large amounts of data,

61
00:05:24,100 --> 00:05:30,720
which means that passwords and keys can be long and we don't have to remember them as well.

62
00:05:30,720 --> 00:05:38,080
This is the main strength of the smart cards. Announcing that your company will implement two-factor authentication

63
00:05:38,230 --> 00:05:42,670
could also bring some unexpected benefits.

64
00:05:42,680 --> 00:05:50,910
This was the case with Microsoft Corp. Some time ago, 20 to 30 percent of traffic at perimeter routers in

65
00:05:50,910 --> 00:05:55,410
Microsoft networks was made up of attempts to crack staff passwords.

66
00:05:57,300 --> 00:05:59,170
Usually the attempts failed.

67
00:05:59,250 --> 00:06:04,760
But even ignoring the potential threat to security, cracking attacks were an infrastructure issue.

68
00:06:05,640 --> 00:06:07,670
The network slowed down as a result.

69
00:06:09,830 --> 00:06:16,860
Microsoft announced that they'll also use smart cards in addition to passwords to log on to a computer.

70
00:06:16,870 --> 00:06:20,920
This makes cracking a password impossible without physical access to the card.

71
00:06:22,940 --> 00:06:25,360
This is the second authentication factor.

72
00:06:26,960 --> 00:06:30,720
One is something the user knows, or the card's PIN.

73
00:06:30,890 --> 00:06:39,300
Second, something the user has, that is saved in the card. Most attackers, except for the ever optimistic

74
00:06:39,300 --> 00:06:40,330
types, stopped

75
00:06:40,380 --> 00:06:49,550
brute forcing Microsoft passwords. The network sped up without any infrastructure development.

76
00:06:49,570 --> 00:06:51,600
The solution is easy and effective.