Authentication: Something One Knows
Controls for the aforementioned threats:
- [For users] When typing a password, ensure no one (and no camera) stands right behind you.
- [For systems] Prevent access to main memory while a password is stored there.
- [For systems] Save each password in the database only in an encrypted form.
- [For users] Use strong passwords that:
  - Contain at least 8 characters.
  - Aren't plain dictionary words or object/human names.
  - Don't consist of a detail relating to your identity, e.g., your birthday, address, etc.
  - Contain several types of characters: uppercase and lowercase letters, digits, punctuation, etc.
  - Aren't reused across your other accounts.
- [For systems] Accept only passwords that meet the above traits of strong passwords.
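
A sketch of how a system could enforce the traits listed above when a password is set (an added example, not part of the original material). The word list, the `check_password` name, the threshold of three character types for "several", and the stripping of surrounding digits before the dictionary lookup are assumptions; reuse across other accounts is not visible to a single system and is not checked here.

```python
import string

# Constructed sample word list (assumption): a real deployment would load a
# large dictionary of common words and names instead.
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "michael", "jessica"}


def char_classes(pw):
    """Count how many character types (lower, upper, digit, punctuation) appear."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def check_password(pw, identity_details=(), min_len=8, min_classes=3):
    """Return the list of violated traits; an empty list means the password is accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    # Assumption, stricter than "plain" words: ignore digits and punctuation
    # around the word, so "Sunshine2024!" still counts as a dictionary word.
    core = pw.strip(string.digits + string.punctuation).lower()
    if core in DICTIONARY:
        problems.append("dictionary_or_name")
    # Identity details (birthday, address, ...) are compared case-insensitively
    # with separators removed, so "1990-05-17" also matches "19900517".
    flat = "".join(c for c in pw.lower() if c.isalnum())
    for detail in identity_details:
        d = "".join(c for c in detail.lower() if c.isalnum())
        if len(d) >= 4 and d in flat:  # skip very short details to limit false hits
            problems.append("identity_detail")
            break
    if char_classes(pw) < min_classes:
        problems.append("few_char_types")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ["dragon", "Sunshine2024!", "tR7#mq!Vz2"]:
        print(candidate, check_password(candidate) or "accepted")
```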