Welcome to Week 2

In Week 2, we will cover the downsides of passwords and miscellaneous vulnerabilities of passwords and their misuse. We will also take a brief look at alternatives to passwords.

We will start by considering more attacks on password-based authentication and how they can be prevented. The attacks we’re going to investigate are credential stuffing, password spraying, and keylogger attacks. We will learn how these attacks will work in theory, but we will not actually perform them. The reason for that is because it will be too hard to perform them alone without an actual target. Rather, the goal will be to introduce you to more attacks — ones that are not necessarily hash-based but circumvent the hashing part by abusing other methods.

We will also see how to prevent the attacks discussed in Week 2, before moving on to examples of how these methods have influenced companies in the real world. The two case studies we will consider should provide insight into how you can prevent this from happening to yourself or your company.

At the end of Week 2, we will have a discussion about passwords, why they are generally not the best security measure, and what alternatives are available. Why are we currently predominantly using password authentication and not relying on other methods? Why is it that organizations generally don’t use other methods, while many individuals will rely on these for personal use? These are all questions that we hope to have more answers to by the end of the week.

By the end of this week, you will be able to:

• explain password disadvantages and vulnerabilities
• describe alternatives to password authentication
• explain how to protect your passwords against brute force and dictionary attacks, rainbow table attacks, and keyloggers
• describe the advantages and disadvantages of using password managers
• identify real-world examples of password breaches and explain their consequences
• identify password security best practices