• Online, Self-Paced
Course Description

Without the ability to gain entry to a network, hackers are powerless, so establishing effective authorization protocols is vital. In this course, you'll learn about key authentication concepts and best practices such as identification, user authentication components, the user logon process, and how to effectively manage user account credentials. This course also covers registration security, including how to use Completely Automated Public Turing test to tell Computers and Humans Apart or CAPTCHA, and enabling two-step verification. Finally, this course introduces password security best practices, including establishing password strength, complexity, and age criteria.

Learning Objectives

Authentication and Authorization Concepts

  • start the course
  • describe characteristics of the authentication and identification process and the relationship between them
  • distinguish between the three user authentication components and how they interrelate
  • distinguish between the different types of authentication
  • describe characteristics of authorization
  • identify the phases of the user logon process


  • identify characteristics and purpose of credentials
  • identify characteristics of password credentials
  • identify characteristics of asymmetric key credentials for authentication
  • identify characteristics of biometric credentials
  • identify characteristics of ticket-based hybrid authentication credentials

User Account Registration Security

  • describe characteristics and purpose of secure user account registration policies and practices
  • describe best practices for securing usernames and user identifiers
  • identify best practices for account registration verification
  • identify best practices and purpose of using Completely Automated Public Turing test to tell Computers and Humans Apart or CAPTCHA for user account registration and set-up
  • describe purpose and best practices for implementing two-step verification in user account registration policies
  • describe best practices for preventing username enumeration as part of user account registration security

Password Security Requirements

  • describe best practices for setting minimum password strength criteria policies
  • identify password length, width, and depth requirements that can enhance password security
  • identify best practices for password field security
  • describe techniques for providing feedback to users on password strength
  • describe benefits and best practices for enforcing password history policies
  • describe benefits and best practices for setting minimum and maximum password age requirements
  • identify best practices for preventing password hack attempts

Practice: Enable Secure Registration and Passwords

  • identify appropriate user account registration and password best practices

Framework Connections

Specialty Areas

  • Cybersecurity Management