Deck 3: User Authentication

User authentication is the fundamental building block and the primaryline of defense.

In a biometric scheme some physical characteristic of the individual ismapped into a digital representation.

User authentication is a procedure that allows communicating parties toverify that the contents of a received message have not been altered and that the source is authentic.

Memory cards store and process data.

An individual's signature is not unique enough to use in biometricapplications.

A good technique for choosing a password is to use the first letter ofeach word of a phrase.

Depending on the details of the overall authenticationsystem, the registration authority issues some sort of electronic credential to the subscriber.

User authentication is the basis for most types of access control and foruser accountability.

Keylogging is a form of host attack.

Identification is the means of establishing the validity of a claimedidentity provided by a user.

Enrollment creates an association between a user and the user'sbiometric characteristics.

A smart card contains an entire microprocessor.

Identifiers should be assigned carefully because authenticatedidentities are the basis for other security services.

Depending on the application, user authentication on a biometricsystem involves either verification or identification.

Voice pattern, handwriting characteristics, and typing rhythm are examples of __________ biometrics.

Authentication protocols used with smart tokens can be classified into three categories: static, dynamic password generator, and ___________.

A __________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.

With the __________ policy a user is allowed to select their own password, but the system checks to see if the password is allowable.

Objects that a user possesses for the purpose of user authentication are called ______

An authentication process consists of the _________ step and the verification step.

A __________ is a separate file from the user IDs where hashed passwords are kept.

The __________ is the pattern formed by veins beneath the retinal surface.

A host generated random number is often called a __________.

The technique for developing an effective and efficient proactive password checker based on rejecting words on a list is based on the use of a __________ filter.

The __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.

A __________ is an individual to whom a debit card is issued.

In a __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.

A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.

__________, in the context of passwords, refers to an adversary's attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary.