FREE! Click here to Join FunTrivia. Thousands of games, quizzes, and lots more!
Quiz about Authentication and Password Guidelines
Quiz about Authentication and Password Guidelines

Authentication and Password Guidelines Quiz


In 2016 the US National Institute of Standards and Technology updated the Digital Identity Guidelines. Though written for public sector, many private sites use the guidelines. As an end user, do you know what the standards recommend to protect you?

A multiple-choice quiz by mlcmlc. Estimated time: 5 mins.
  1. Home
  2. »
  3. Quizzes
  4. »
  5. Science Trivia
  6. »
  7. Computers
  8. »
  9. General Computing

Author
mlcmlc
Time
5 mins
Type
Multiple Choice
Quiz #
391,519
Updated
Dec 03 21
# Qns
10
Difficulty
Average
Avg Score
7 / 10
Plays
476
- -
Question 1 of 10
1. One of the major changes to the US National Institute of Standards and Technology (NIST) Digital Identity Guidelines of 2016 was that there are now four separate documents. This is to allow flexibility for updates in the future (which could include additional documents) and clarity. One of the sections deals specifically with the verification that you are logging into your account. Given the four sections, where would this be covered? Hint


Question 2 of 10
2. One of the items addressed was that many password configurations are complicated and users frequently cheat. Once you understand that, can you identify in the list of choices one of the primary concerns addressed in the 2016 NIST Digital Identity Guidelines? Hint


Question 3 of 10
3. One of the factors that helps to make passwords more secure is the length. The 2016 NIST Digital Identity Guidelines changed the minimum number of significant characters from 6 to 8. Does the standard specify a maximum length?


Question 4 of 10
4. The implementation of part of the earlier guidelines is why many sites now require the use of capitals, numbers and special characters in a password. The 2016 version of the NIST Digital Identity Guidelines eliminated the need for this. Which item from the list below would this describe? Hint


Question 5 of 10
5. The NIST Digital Identity Guidelines published in 2016 recommended that user passwords be screened against a dictionary of commonly-used terms. According to the standard, how large should the dictionary be? Hint


Question 6 of 10
6. Though not specified in the previous version of the NIST Electronic Authentication Guideline, password expiration times were addressed in the 2016 version, Digital Identity Guidelines. Since this was intended to encourage good passwords, which of these do you believe was specified? Hint


Question 7 of 10
7. If correctly written and implemented, one of the recommendations made in the 2016 NIST Digital Identity Guidelines would provide a visual to the end user measuring how secure a newly created password is. What name refers to the code which is intended to measure the password substance as the user creates it? Hint


Question 8 of 10
8. One website responsibility is to ensure, to the best of their ability, that it is you who are accessing your account or changing your password. Many sites have a list of questions and store your answers on their server for verification. In the 2016 NIST Digital Identity Guidelines, what is this verification called? Hint


Question 9 of 10
9. Prior to the publication of the 2016 NIST Digital Identity Guidelines, many banking institutions enabled a previously recommended method to ensure that you are logging into your account. Once you have logged into the account an email or an SMS message is sent. What is this type of authentication called? Hint


Question 10 of 10
10. One form of recognition includes the scanning of a physical characteristic, such as a fingerprint. In the NIST Digital Identity Guidelines published in 2016 some changes have been made to the requirements for this type of authentication. What is this type of authentication? Hint



(Optional) Create a Free FunTrivia ID to save the points you are about to earn:

arrow Select a User ID:
arrow Choose a Password:
arrow Your Email:




Quiz Answer Key and Fun Facts
1. One of the major changes to the US National Institute of Standards and Technology (NIST) Digital Identity Guidelines of 2016 was that there are now four separate documents. This is to allow flexibility for updates in the future (which could include additional documents) and clarity. One of the sections deals specifically with the verification that you are logging into your account. Given the four sections, where would this be covered?

Answer: Enrollment & Identity Proofing

One of a website's most important requirements is ensuring that only you can access your account, especially for any financial accounts. Identity proofing can be complicated to implement, and has been implemented in many ways. The new guidelines took a risk-based approach.

For example, a website that has no personal information doesn't have the same security requirements as a bank or investment site.
2. One of the items addressed was that many password configurations are complicated and users frequently cheat. Once you understand that, can you identify in the list of choices one of the primary concerns addressed in the 2016 NIST Digital Identity Guidelines?

Answer: Must be user friendly

Past standards have put much responsibility on the individual users for maintaining password security, but the revised standard put more of the burden on the password verifier.

Now, this doesn't absolve the user from making sure their password is secure. Alas, many users must not really understand as the most common password in use between 2013 and 2017 (according to security firm SplashData) is 123456.
3. One of the factors that helps to make passwords more secure is the length. The 2016 NIST Digital Identity Guidelines changed the minimum number of significant characters from 6 to 8. Does the standard specify a maximum length?

Answer: yes

One way to remember longer passwords is to use a passphrase rather than just a combination of unrelated characters. The 2016 standard requires that 64 characters be accepted and used. The "and used" portion of the requirement is important because some password applications allow more characters than are counted as significant (i.e., it might allow more than 8 characters, but only apply the encryption methodology to the first 8).

When passwords are stored they shouldn't be recoverable. This can be accomplished by "salting" the input password with additional characters and then "hashing" or scrambling the results.
4. The implementation of part of the earlier guidelines is why many sites now require the use of capitals, numbers and special characters in a password. The 2016 version of the NIST Digital Identity Guidelines eliminated the need for this. Which item from the list below would this describe?

Answer: composition rules

Truly, adding composition rules didn't effectively inhibit the ability of hackers to break passwords such as pa55w0rd or letme1n. The intent is to allow greater password creativity by having users create longer passwords or passphrases that they will remember more easily.
5. The NIST Digital Identity Guidelines published in 2016 recommended that user passwords be screened against a dictionary of commonly-used terms. According to the standard, how large should the dictionary be?

Answer: It was not specified

The recommendation in the 2016 guidelines was to use a dictionary to prevent the use of common, simple words. However, no specific size was recommended. At that time it was acknowledged that some research was still required to determine the correct size - too small and it will be ineffectual, too large and the user will be impacted. Other items for inclusion could be passwords known to be compromised, sequential repetitive characters (e.g., 8888888 or 123123), or context specific passwords (e.g., gmailemail for a google mail account).

The guidelines also acknowledged is the issue of what to do when users are told to choose another password and the next one is really not an improvement, e.g., password7 to password8.
6. Though not specified in the previous version of the NIST Electronic Authentication Guideline, password expiration times were addressed in the 2016 version, Digital Identity Guidelines. Since this was intended to encourage good passwords, which of these do you believe was specified?

Answer: No requirement for periodically changing passwords

It is generally accepted that users cheat when it becomes difficult. Well, remembering a new complex password or passphrase every 90 days would be tough. So some may simply make it easier for themselves by making minor changes: e.g., the password Iwantadog2 at the next password change will become Iwantadog3.

If a password has been compromised, it should be changed immediately. Any password that comes as a default with a system or device should also be changed at once.
7. If correctly written and implemented, one of the recommendations made in the 2016 NIST Digital Identity Guidelines would provide a visual to the end user measuring how secure a newly created password is. What name refers to the code which is intended to measure the password substance as the user creates it?

Answer: password-strength meter

The guidelines recommended that the password-strength meter be added so that users can easily know whether or not they are creating a strong password. This is felt to be most important when the previous password has been rejected.

Users should just remember that a password-strength meter is code written to help, but the ultimate responsibility for a secure password still rests with them. There are many theories about what makes the most secure password, but the current NIST recommendation is more about length than extreme complexity.
8. One website responsibility is to ensure, to the best of their ability, that it is you who are accessing your account or changing your password. Many sites have a list of questions and store your answers on their server for verification. In the 2016 NIST Digital Identity Guidelines, what is this verification called?

Answer: knowledge-based authentication

Many sites implement knowledge-based authentication by supplying a list of "random" questions which you answer. Some actually let you create the questions and answers. Either way NIST recommended that these type of questions be removed because they are so easily hacked.

An example of one of these questions is "What's your favorite color?" Most answers fit within a small number of colors such as blue, green, red, pink, yellow, or purple.
9. Prior to the publication of the 2016 NIST Digital Identity Guidelines, many banking institutions enabled a previously recommended method to ensure that you are logging into your account. Once you have logged into the account an email or an SMS message is sent. What is this type of authentication called?

Answer: two-factor authentication

The use of two-factor authentication is intended to be a more secure method. Two-factor authentication is intended to use something you know (password) and something you have (the code sent to you on a token, via email, or SMS (short message service)).

However, in the 2016 version of the NIST Digital Identity Guidelines, it was recommended that all SMS messages be eliminated. Some of the reasons include the fact that users change phone numbers and the current level of security of smartphones.
10. One form of recognition includes the scanning of a physical characteristic, such as a fingerprint. In the NIST Digital Identity Guidelines published in 2016 some changes have been made to the requirements for this type of authentication. What is this type of authentication?

Answer: biometric

Many of us use biometrics, such as a fingerprint, to access our personal devices. One change made to this version of the guidelines was that biometrics can only be used as a part of a two-factor authentication. The recommendation is that a presentation attack detection method is also implemented. An example would be a facial scan followed by a request to read something randomly provided and then verified with lip reading or speech recognition.
Source: Author mlcmlc

This quiz was reviewed by FunTrivia editor rossian before going online.
Any errors found in FunTrivia content are routinely corrected through our feedback system.
Related Quizzes
This quiz is part of series this author's Adventures in Authoring #3:

Progressing through the Adventures in Authoring challenge gives the opportunity to write all kinds of quizzes. Here are some of the quizzes I created during the challenge.

  1. Compound Word Come Around Easier
  2. Step by Step Average
  3. Authentication and Password Guidelines Average
  4. Color Parade Very Easy
  5. A Raw Deal Easier

12/22/2024, Copyright 2024 FunTrivia, Inc. - Report an Error / Contact Us