Authentication & Password Security Quiz

  1. Hashing Algorithms

    Which of the following hashing algorithms is generally considered the most secure option for storing passwords?

    1. MD5
    2. SHA-1
    3. bcrypt
    4. SHA-256
    5. Salted SHA-1
  2. Salting Passwords

    What is the primary purpose of salting passwords before hashing them?

    1. To make the hashing process faster
    2. To reduce the storage space required for passwords
    3. To prevent rainbow table attacks
    4. To encrypt the password before hashing
    5. To simplify password recovery
  3. Password Complexity

    Why is enforcing password complexity policies, such as requiring special characters, not always effective?

    1. Complex passwords are easy to remember
    2. Complex passwords are harder to crack with modern techniques
    3. Users often choose predictable patterns or slight variations, reducing their effectiveness
    4. Complexity policies increase user satisfaction
    5. It prevents phishing attacks
  4. Password Storage Best Practice

    Which of these is the best practice for storing passwords?

    1. Storing passwords in plain text
    2. Hashing passwords with MD5 without a salt
    3. Storing passwords using reversible encryption
    4. Hashing passwords using bcrypt with a unique salt for each user
    5. Storing passwords in a configuration file
  5. Two-Factor Authentication

    What is the main advantage of using two-factor authentication (2FA)?

    1. It makes password reset easier
    2. It eliminates the need for passwords
    3. It adds an extra layer of security, even if the password is compromised
    4. It speeds up the login process
    5. It protects against brute-force attacks
  6. Authentication Tokens

    What is the purpose of a JSON Web Token or JWT in authentication?

    1. To store passwords securely on the client-side
    2. To allow access to resources without re-authenticating for each request
    3. To encrypt sensitive data transmitted over the network
    4. To validate user input and prevent SQL injection attacks
    5. To manage user sessions using cookies
  7. Rate Limiting

    Why is it important to implement rate limiting on authentication endpoints?

    1. To improve user experience by reducing login time
    2. To prevent denial-of-service (DoS) and brute-force attacks
    3. To reduce server load during peak traffic
    4. To comply with privacy regulations
    5. To improve search engine optimization (SEO)
  8. Password Reset Flows

    In a secure password reset flow, what is crucial to prevent account takeover?

    1. Using a simple, predictable password reset token
    2. Sending the new password directly in the email
    3. Validating the user's email address and using a securely generated, time-limited token
    4. Not requiring email validation for password resets
    5. Making the password reset token valid indefinitely
  9. Local Storage Security

    Which of the following statements is most accurate regarding storing authentication tokens in a browser's local storage?

    1. Local storage is inherently secure and resistant to XSS attacks
    2. It's best for highly sensitive tokens as it is encrypted by default
    3. Local storage is vulnerable to Cross-Site Scripting or XSS attacks, so tokens should be carefully managed and protected
    4. Local storage is less vulnerable than cookies
    5. Local storage automatically expires tokens
  10. Multi-Factor Authentication Methods

    Which of the following is a common method used for Multi-Factor Authentication?

    1. Using the same password across multiple sites
    2. Security questions with easily guessable answers
    3. Sending a one-time password via SMS or email
    4. Disabling browser security warnings
    5. Forwarding all your emails to a public address