Chapter 7. Passwords and Authentication

“I haven’t told him about you, but I have told him to trust absolutely whoever has the key word. You remember?”

“Yes, of course. Meshuggah. What does it mean?”

“Never mind.” Abrams grinned.

Ensign Flandry—POUL ANDERSON

7.1 Authentication Principles

Authentication is generally considered to be one of the most basic security principles. Absent bugs—admittedly a very large assumption—authentication effectively controls what system objects someone can use. In other words, it’s important to get authentication right.

Most discussions of authentication start by describing the three basic forms: something you know (e.g., a password); something you have, such as a token or a particular mobile phone; and something ...

Get Thinking Security: Stopping Next Year’s Hackers now with the O’Reilly learning platform.
