Chapter 13. Password Management and Multifactor Authentication

The use of passwords in regards to technology has been around since the early 1960s, when the first shared environment was born. MIT’s Compatible Time-Sharing System was the first multiuser computer. At this early stage there was little-to-no password security, as previously only physical security was used to limit access. The CTSS passwords in theory were only accessible by the administrators, but an admin error in the late ’60s caused widespread display of all users’ plain text passwords during login after the message-of-the-day file was swapped with the password file. Oops!

Passwords have come a long way since then and some professionals even have the opinion that they are useless. While we do agree that some password implementations can be incredibly insecure, they can also add another layer of security. Passwords can be the keys to the kingdom and they aren’t going anywhere any time soon. There are many ways to ensure that the transmission and storage of passwords are securely implemented. In this chapter, you’ll learn how best to manage passwords and go a little bit behind the scenes on how they work.

Basic Password Practices

Simple password hashes can be cracked in less than a second with some trivial knowledge. Password cracking software such as John the Ripper support the cracking of hundreds of types of hashes using brute force or rainbow tables. Brute force attacks often use dictionary files, which are ...

Get Defensive Security Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.