Biometric Authentication

What is Biometric Authentication?

Biometric authentication is a security process that relies on an individuals unique biologocal characteristics and is used to verify that a person is who they say they are. (1)

What was once a technology only seen in spy movies, biometric authentication is now a common sight in many workplaces and offices. Because biometrics are based on an individual's biology, it is challenging to fake your way through the authentication process.

Different Types of Biometric Authentication

Firewalls

What are Firewalls?

A firewall is a network security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented into both hardware and software, and even both together. Network firewalls are frequently used to prevent unauthorized Internet users from accessing private internet connections. All messages entering or leaving the intranet, a private communications network, pass through the firewall, which examines each message and blocks those that do not meet the specified security requirements.

Different Types of Firewalls

Password Securities

Plain Text Passwords

Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to fix the password management problem by changing the password with an encoding function, such as base 64 encoding, but this effort does not properly protect the password.(3)
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource. Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this lazy and negative attitude makes a hackers job easier. Good password management guidelines require that a password never be stored in plaintext.

Rainbow Tables

A rainbow table is a listing of all possible plaintext original inputs of encrypted passwords specific to a hash algorithm. Rainbow tables are often used by password cracking software for network security attacks. All computer systems that require password-based authentication store databases of passwords associated with user accounts, typically encrypted rather than plaintext as a security measure.(4)

Hashing

Instead of storing your password as plain text, a site runs it through a hash function, like MD5, a type of chriptographic hash algorithm, which transforms it into an entirely different set of digits; these can be numbers, letters, or any other characters. Your password could be HQ3abcLT0. That might turn into 7dVq$@ihT, and if a hacker broke into a database, that's all they can see. And it works only one way. You can't decode it back.

Salted Hashing

Salted hashes are based on the practice of a cryptographic nonce, a random set of data generated for each password to stop repeat attacks, typically very long and very complex.(5)
These additional digits are added to the beginning or end of a password before it passes through the hash function, to try to deter attackers from trying to make or use rainbow tables. It generally doesn't matter if the salts are stored on the same servers as hashes; cracking a set of passwords can be hugely time-consuming for hackers, made even tougher if your password itself is long, random, or complicated. That's why you should always use a strong password, no matter how much you trust a site's security.


Questions

  1. What is the worst type of online password security and why?
  2. In what form is a firewall installed? Hardware, software, or both?
  3. What is one type of biometric authentication? How does it work?

  4. Answers

    Works Cited

    1. What is biometric authentication? - Definition from WhatIs.com. (n.d.). Retrieved from https://searchsecurity.techtarget.com/definition/biometric-authentication
    2. What is proxy firewall? - Definition from WhatIs.com. (n.d.). Retrieved from https://searchsecurity.techtarget.com/definition/proxy-firewall
    3. MrDatabaseMrDatabase 16.4k3897149, & Dave MarkleDave Markle 76k16129158. (n.d.). What is base 64 encoding used for? Retrieved from https://stackoverflow.com/questions/201479/what-is-base-64-encoding-used-for
    4. What is rainbow table? - Definition from WhatIs.com. (n.d.). Retrieved from https://whatis.techtarget.com/definition/rainbow-table
    5. Bates, P. (2016, August 23). How Do Websites Keep Your Passwords Secure? Retrieved from https://www.makeuseof.com/tag/websites-keep-passwords-secure/
    6. Picture #1: Dang, D. L., & Dang, D. L. (2017, December 06). Ethics of Security Authentications - CCA IxD Thesis Writings - Medium. Retrieved from https://medium.com/cca-interaction-design-thesis/ethics-of-security-authentications-1a9247850986
    7. Picture #2: Firewall e Proxy. (n.d.). Retrieved from https://vitalti.site/servicos/firewall-e-proxy
    8. Picture #3: Salesforce Mobile App Development. (n.d.). Retrieved from https://www.dreamstel.com/salesforce/salesforce-mobile-apps-development.html
    9. picture #4: Rainbow_table. (n.d.). Retrieved from http://www.thesecurityblogger.com/understanding-rainbow-tables/rainbow_table/