Who You Are
Each person has unique physical characteristics, such as a fingerprint, retina pattern, or voice print. These personal biometric characteristics uniquely identify a specific person. Biometric security compares physical characteristics against stored profiles to authenticate users. In this case, a profile is a data file containing known characteristics of an individual. The system grants the user access if their characteristics match the information saved in their profile. A fingerprint reader is a common biometric device.
There are two types of biometric identifiers:
- Physical characteristics—Fingerprints, DNA, face, hands, the retina, or ear features
- Behavioral characteristics—Patterns of behavior such as gestures, voice, gait, or typing rhythm
Biometrics is becoming increasingly popular in public security systems, consumer electronics, and point-of-sale applications. Implementing biometrics involves a reader or scanning device, software that converts the scanned information into digital form, and a database that has biometric data stored for comparison.
Passwords (39.2.8)
To protect network devices, it is important to use strong passwords. Here are standard guidelines to follow:
- Use a password length of at least 8 characters, preferably 10 or more characters. A longer password is a more secure password.
- Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
- Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
- Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
- Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
- Do not write passwords down and leave them in obvious places such as on the desk or monitor.
Table 39-3 shows examples of weak and strong passwords.
Table 39-3 Examples of Weak and Strong Passwords
On Cisco routers, leading spaces are ignored for passwords, but spaces after the first character are not. Therefore, one method to create a strong password is to use the space bar and create a phrase made of many words. This is called a passphrase. A passphrase is often easier to remember than a simple password. It is also longer and harder to guess.
Use a password manager to secure passwords for your online Internet activity. Considered to be the best practice to secure passwords, the password manager automatically generates complex passwords for you and will automatically enter them when you access those sites. You only have to enter a primary password to enable this feature.
Multi-Factor Authentication Use multi-factor authentication when available. This means that authentication requires two or more independent means of verification. For example when you enter a password, you would also have to enter a code that is sent to you through email or text message.