From the course: Threat Modeling: Spoofing In Depth

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Attacking what you know

Attacking what you know

From the course: Threat Modeling: Spoofing In Depth

Start my 1-month free trial

Attacking what you know

- Good secrets are shared with just a few friends. The annoying thing about any secret is how hard it is to keep it a secret. When you enroll in a new system that organization asks you to share some secrets with them for authentication. And these secrets work best when they're not widely known. As Ben Franklin said, three can keep a secret if two of them are dead. My password is a secret that I share with a service. In my case I really share each password with a single site and I use a password manager, one password to manage that for me. I like that it has a mode where passwords aren't ever stored in the cloud. For most people they have one or a few passwords and they share those secrets with the other 11 gazillion sites they use. So it's a secret shared with a lot more than three people. Similarly, your mother's maiden name is a secret that you, your family, and various genealogy websites all know. The street you grew up on, that's part of your royal wedding guest name. Take a…

Contents