Minimizing the Cost of Credential Loss
The impact of credential loss can be minimized from the get-go. Let's explore how.
Credentials such as keys and passwords, by their nature, are extremely valuable to attackers and difficult to work with securely. Of course, we do our best to keep them safe, but what if we fail? Is there anything we can do to soften the blow?
Consider this serious-looking equation:
The rest of this course addresses the first term—lowering the likelihood of a successful attack. That’s good; that’s where we should focus most of our efforts. But we should prepare for the worst. Let’s assume that someday, despite our best efforts, we lose control of our credentials. Since we can’t 100% guarantee that we’ll never lose credentials, we should take steps ahead of time to lower the cost of the loss by lowering the value of the credentials as much as possible.
We minimize the value of credentials in three main ways:
- We limit the time in which a given credential is valid.
- We limit the power of a user password by splitting authority between a password and a second factor.
- We limit the scope in which a given credential can be used.