Security's Three A's Overview

Jun 24, 2025

Overview

This lecture introduces the three A's of security: authentication, authorization, and accounting, with a focus on effective password practices and the balance between security and usability.

The Three A's of Security

  • Authentication verifies an entity’s identity, usually with a username and password.
  • Identification uniquely describes an entity, such as using an email address.
  • Authorization (AuthZ) determines which resources an authenticated user can access.
  • Accounting tracks user activities for auditing and compliance purposes.

Authentication vs. Authorization

  • Authentication proves you are who you claim, e.g. entering a password for an email account.
  • Authorization allows or restricts access to resources based on the authenticated identity, e.g. seeing only your email inbox.

Password Strength and Security

  • Strong passwords are long and complex, using uppercase, lowercase, numbers, and symbols.
  • Simple passwords like “ponies” are weak and easily cracked by brute force or dictionary attacks.
  • Increasing complexity improves security but reduces memorability, highlighting the trade-off between security and usability.
  • Substituting numbers and symbols for letters (e.g. “P0n!3z”) is common but can be anticipated by attackers.

Password Policy Best Practices

  • Enforce minimum password length and complexity requirements.
  • Avoid dictionary words within passwords.
  • Never write down, reuse, or share passwords.
  • Implement password rotation, but avoid overly frequent changes, which push users toward poor practices.
  • Excessively strict policies may lead users to insecure behaviors, such as writing down passwords.
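As an added example (not part of the lecture), here is a small Python policy checker that applies the length, complexity and dictionary rules listed above. Because the lecture notes that substitutions like "P0n!3z" are anticipated by attackers, the checker undoes common letter substitutions before the dictionary lookup, so "P0n!3z" is rejected on the same grounds as "ponies". The wordlist, substitution table and thresholds are constructed assumptions, not values from the lecture.

```python
import re
from dataclasses import dataclass, field

# Constructed sample wordlist (assumption); a real deployment would load a
# large breached-password or dictionary file instead.
DICTIONARY = {"ponies", "password", "welcome", "dragon", "letmein"}

# Common letter substitutions (assumed table). Undoing them before the
# dictionary check is what makes "P0n!3z" fail exactly like "ponies".
LEET_MAP = str.maketrans({"0": "o", "1": "i", "!": "i", "3": "e",
                          "4": "a", "@": "a", "$": "s", "5": "s",
                          "7": "t", "z": "s"})

@dataclass
class PolicyResult:
    ok: bool
    failures: list = field(default_factory=list)

def normalize(password: str) -> str:
    """Lowercase and undo common substitutions for dictionary matching."""
    return password.lower().translate(LEET_MAP)

def contains_dictionary_word(password: str, min_word_len: int = 4) -> bool:
    """True if a dictionary word of at least min_word_len appears after normalization."""
    norm = normalize(password)
    return any(w in norm for w in DICTIONARY if len(w) >= min_word_len)

def check_password(password: str, min_length: int = 12, min_classes: int = 3) -> PolicyResult:
    """Apply minimum length, character-class count and dictionary-word rules."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    # Count which of the four classes (lower, upper, digit, symbol) are present.
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    classes = sum(bool(re.search(p, password)) for p in patterns)
    if classes < min_classes:
        failures.append(f"uses {classes} character classes, need {min_classes}")
    if contains_dictionary_word(password):
        failures.append("contains a dictionary word (after undoing substitutions)")
    return PolicyResult(ok=not failures, failures=failures)

if __name__ == "__main__":
    for pw in ("ponies", "P0n!3z", "P0n!3zRunFast2025", "correct-Horse-battery-9"):
        result = check_password(pw)
        print(pw, "OK" if result.ok else result.failures)
```

Note that "P0n!3zRunFast2025" satisfies the length and complexity rules yet still fails, because the normalized form contains "ponies"; that is the trade-off the lecture describes, where predictable substitutions add little real strength.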

Security vs. Usability

  • More secure systems are often less usable (e.g. disconnected computers are secure but not useful).
  • Aim for a balance where passwords are both secure and reasonably memorable.

Key Terms & Definitions

  • Authentication — verifying the claimed identity of a user.
  • Authorization — determining which resources a user can access.
  • Identification — the process of uniquely describing a user or entity.
  • Password Hygiene — maintaining secure practices in password creation and management.

Action Items / Next Steps

  • Review your password practices to ensure they follow recommended strength and hygiene guidelines.
  • Examine organizational password policies for appropriate balance between security and usability.
  • Read about authentication, authorization, and accounting protocols used in industry.