Exercises on introduction, authentication and access control

2021-2022 Demo exam exercise 1 (4 points)

In a company, each employee works in an open space. We need to design proper policies to minimize the risk that passwords get compromised. Such policies will be enforced whenever a user chooses a new password. Also, assume that passwords are only used to access a cloud-based email client over TLS.

  1. [1 point] What are the main characteristics of a password on which we can act when writing a policy?
  2. [2 points] What is the most likely attack scenario against passwords considering the above description of the conditions of each employee? Why?
  3. [1 point] Given the answer provided in point 2, what is the most important characteristic that you need to enforce in the password policy (in order to avoid the attack scenario)?