Chapter 13. Password Management and Multifactor Authentication
The use of passwords in regards to technology has been around since the early 1960s, when the first shared environment was born. MITâs Compatible Time-Sharing System was the first multiuser computer. At this early stage there was little-to-no password security, as previously only physical security was used to limit access. The CTSS passwords in theory were only accessible by the administrators, but an admin error in the late â60s caused widespread display of all usersâ plain text passwords during login after the message-of-the-day file was swapped with the password file. Oops!
Passwords have come a long way since then and some professionals even have the opinion that they are useless. While we do agree that some password implementations can be incredibly insecure, they can also add another layer of security. Passwords can be the keys to the kingdom and they arenât going anywhere any time soon. There are many ways to ensure that the transmission and storage of passwords are securely implemented. In this chapter, youâll learn how best to manage passwords and go a little bit behind the scenes on how they work.
Basic Password Practices
Simple password hashes can be cracked in less than a second with some trivial knowledge. Password cracking software such as John the Ripper support the cracking of hundreds of types of hashes using brute force or rainbow tables. Brute force attacks often use dictionary files, ...
Get Defensive Security Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
