Abstract: It is well known that passwords and their hashes can often be copied and reused by malicious cyber actors. Requiring smartcards or other hard tokens enables stronger authentication because they cannot be copied. Such a token can be used by an adversary while the legitimate user is using it if the adversary has compromised the user's device, but not at other times or directly from other devices. When smartcards are required to log in to Windows® Active Directory® (AD) Domains, a random password is created and its hash is associated with the account. This allows the device (via the user's account) to use legacy authentication protocols such as NTLM to gain access to resources. In this case, the long random password is better than most user-chosen passwords.
Date Published: 22 November 2016
Last Reviewed: 22 November 2016
Identifier: ORN U/OO/803300-16
Creator: Dedicated Support Communicators
Dissemination Control: N/A
Length: 2 page(s)