|
Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu |
Version of March 31, 2021 at 10:57AM
A bank required passwords to be exactly 8 characters long, and could be any combination of letters and digits. When she left the caps lock key on by accident, a user found that the case of the letters did not matter — you could type either an upper case letter or a lower cae letter and it would be treated the same. Why is this bad?
Later on, the bank added what it called two-factor authentication. After you logged n, the bank announced that you would need to authenticate using a second factor. It produced another login screen. The user then entered their name and passord again, and got logged into the area with their accounts. Was this really two-factor authentication?
|
ECS 153, Computer Security Version of March 31, 2021 at 10:57AM
|
You can also obtain a PDF version of this.
|