Understanding password management, key management, and cryptography
Before we jump straight in, a few words on password management, key management, and cryptography, since authentication, authorization, and cryptography are fundamental to protecting confidentiality. There are many books dedicated to these topics that go into much more detail than I ever could here, but I’ll cover some of them quickly to give you some context as we go through the chapter.
Authentication is a mechanism for verifying that a person is who they say they are, and authorization is a mechanism for determining whether they have sufficient privileges for the object they are trying to access.
Password management
Using the same password for different accounts is an enormous risk because, if a site where it was used is breached and the password wasn’t stored securely, it is likely that an attacker will try to reuse that username and password combination on other sites. Short passwords...