Description
A 34-page guide to developing an assessment framework for people-centric authentication and login systems.
Table of contents:
Introduction
Importance of Authentication
Improved Security and Access Control
Improved Trust and Accountability
Compliance with Regulations
Supporting Personalization and User Experience
Foundation for Authorization
Minimizing Insider Threats
Importance of Authentication Testing
Increased Adversarial Targeting
Increased Authentication Usage
Increased Authentication Complexity
Increased Adversarial Attack Patterns
Authentication Assessment
Assessment Process
High Level Steps
1 – Describe Authentication System
2 – Review Existing Design and Architecture
3 – Review Password Policies
4 – Review Password Storage Mechanisms
5 – Review User Management Policies
6 – Review User Awareness and Training
7 – Vulnerability Analysis and Testing
8 – Analyze Operational Support – Updates, Compliance and Monitoring
Further Threat Modeling
Appendix – Password Policy Template
Appendix – Attack Tree Example Password Storage
About The Cyber Hut
Disclaimer