Page 968 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
What is your mother’s maiden name?
What is the name of your first boss?
What is the name of your first pet?
What is your favorite sport?
Later, the system uses these questions for authentication. If the user
answers all the questions correctly, the system authenticates the user.
The most effective cognitive password systems collect answers for
several questions, and ask a different set of questions each time they
are used. Cognitive passwords often assist with password management
using self-service password reset systems or assisted password reset
systems. For example, if users forget their original password, they can
ask for help. The password management system then challenges the
user with one or more of these cognitive password questions,
presumably known only by the user.
One of the flaws associated with cognitive passwords is
that the information is often available via the internet. If a user
includes some or all of the same information in an online profile,
attackers may be able to use the information to change the user’s
password. The best cognitive password systems allow users to
create their own questions and answers. This makes the attacker’s
job much more difficult.
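The reset challenge described above, as an added example that is not from the study guide: user-written questions are enrolled with salted answer hashes, a random subset is asked on each attempt, and every asked question must be answered correctly. The function names, PBKDF2 parameters and sample questions are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so the question choice is not predictable

# Constructed sample enrollment: questions written by the user, not a fixed list.
SAMPLE_QA = {
    "What was painted on the door of my first flat?": "a green fox",
    "Which song did my band always open with?": "Harbor Lights",
    "What did I name my first bicycle?": "Comet",
    "Who taught me to drive?": "Aunt Rosalind",
}

def _digest(answer, salt):
    # Normalize case and spacing so a legitimate user is not failed on typing style.
    canonical = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", canonical, salt, 100_000)

def enroll(qa_pairs):
    """Store a salted hash per answer; plaintext answers are never kept."""
    record = {}
    for question, answer in qa_pairs.items():
        salt = secrets.token_bytes(16)
        record[question] = (salt, _digest(answer, salt))
    return record

def pick_challenge(record, count=2):
    """Choose a random subset of the enrolled questions for this attempt."""
    return _rng.sample(list(record), count)

def verify(record, challenge, responses):
    """Authenticate only if every challenged question is answered correctly."""
    ok = len(challenge) > 0
    for question in challenge:
        salt, stored = record[question]
        candidate = _digest(responses.get(question, ""), salt)
        # Constant-time compare, and no early exit that reveals which answer failed.
        ok &= hmac.compare_digest(stored, candidate)
    return ok
```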
Smartcards and Tokens
Smartcards and hardware tokens are both examples of a Type 2, or
something you have, factor of authentication. They are rarely used by
themselves but are commonly combined with another factor of
authentication, providing multifactor authentication.
Smartcards
A smartcard is a credit card–sized ID or badge and has an integrated
circuit chip embedded in it. Smartcards contain information about the
authorized user that is used for identification and/or authentication

