Assessment of the Impact of Security Measures on the Acceptable Password Trust Level in the Authentication System
摘要
The study examines the problem of imposing objectively high requirements on users in the presence of methods used to protect against brute force attacks in the processes related to the authentication system. The paper discusses the main processes of user interaction with passwords: registration, authorization, password update and password reset. In each interaction scheme, the main stages are defined, for example, password formation, data entry, data validation for correctness. Each stage is analyzed for possible vulnerabilities that contribute to password guessing. Based on the vulnerabilities identified, technical measures to protect the authentication system are established. Each protection measure is evaluated according to such parameters as the level of loyalty and protection. The paper provides formulas and examples for calculating the reduction of the permissible password trust level based on the security measures used in the authentication system. The resulting algorithm is used in a comprehensive assessment of password strength.