Exercises on introduction, authentication and access control

2021-2022 Demo exam exercise 1

In a company, each employee works in an open space. We need to design proper policies to minimize the risk that passwords get compromised. Such policies will be enforced whenever a user chooses a new password. Also, assume that passwords are only used to access a cloud-based email client over TLS.

  1. What are the main characteristics of a password on which we can act when writing a policy?
  2. What is the most likely attack scenario against passwords, given the employees' working conditions described above? Why?
  3. Given your answer to point 2, what is the most important characteristic that the password policy must enforce in order to avoid that attack scenario?