Across the web are thousands of sites with varying levels of password complexity requirements. As we know, the suggested password recommendations from NIST and other governments have been updated recently to reflect a better understanding of how people use passwords, and how to create usable, strong passwords. Your assignment is to act as a security consultant to the fictional company of ACME, Inc. You have been brought in to address issues of authentication inside the organization.
Currently the company requires 8-character passwords rotated every 30 days. The company currently has no multi-factor authentication option.
Your assignment is to choose one component of recommended authentication practice and present a persuasive presentation to convince executives at the company to adopt your recommendation. Your presentation should include the following components:
- Risks of the current policy (make some assumptions here if you have to. If you have previous employment experience, assume this company uses the same policy as your previous company. State what the policy is). Explain the weaknesses of the current approach.
- Description of your recommended solution: specific product recommendations, including costs if applicable.
- Costs and benefits of your proposed solution. Include a qualitative or quantitative risk analysis.
- Sources: When you make claims about security (which you should), back them up with sources.
Make sure you check out the content from Week 12 Videos before starting the assignment.
Potential topics
- Multifactor authentication
- Enterprise password managers
- Password policy
- Other related ideas
Deliverable
A 10-minute presentation (slides and presentation notes). You do not need to record the presentation, but your presentation materials should be complete with notes so that someone (like me) who is familiar with authentication security could give your presentation for you.