Page 963 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
support Android Lock allowing users to swipe the screen connecting
dots on a grid. Note that these methods are different from behavioral
biometrics explained further in the “Biometrics” section later in this
chapter. Behavioral biometrics examples such as signatures and
keystroke dynamics are unique to individuals and provide a level of
identification, but swiping a touch screen can be repeated by anyone
who knows the pattern. Some people consider this a Type 1 factor of
authentication (something you know), even though a finger swipe is
something you do.

Passwords

The most common authentication technique is the use of a password
(a string of characters entered by a user) with Type 1 authentication
(something you know). Passwords are typically static. A static
password stays the same for a length of time such as 30 days, but
static passwords are the weakest form of authentication. Passwords
are weak security mechanisms for several reasons:

- Users often choose passwords that are easy to remember and
  therefore easy to guess or crack.
- Randomly generated passwords are hard to remember; thus, many
  users write them down.
- Users often share their passwords, or forget them.
- Attackers detect passwords through many means, including
  observation, sniffing networks, and stealing security databases.
- Passwords are sometimes transmitted in clear text or with easily
  broken encryption protocols. Attackers can capture these
  passwords with network sniffers.
- Password databases are sometimes stored in publicly accessible
  online locations.
- Brute-force attacks can quickly discover weak passwords.

Password Storage

