Cybersecurity
Academy Introduction to Information Security Network Security Operating System Security Cryptography Web Security Mobile Security Cybersecurity Laws and Regulations Incident Response and Management Risk Assessment and Management Penetration Testing and Ethical Hacking Digital Forensics
CTF Platform Career Paths Certifications Security Tools Commands Cheatsheet Awareness Blog Pentest Wizard Finance Wizard About LinkedIn
Activity 5: Use Passwordless Authentication
Introduction to Information Security

In this practical activity, you will use passwordless authentication to secure one of your accounts.

30min Easy

Back to Course Labs »

The practical lab activities provided on this website are intended for educational purposes only. The activities are provided "as is" without any warranties, express or implied. The owner of this website shall not be liable for the actions of the users pertaining to perform these activities.
Important! It is illegal to perform any type of intrusion or hacking activities without explicit permission.
Significance: Passwords can be vulnerable to hacking and phishing attacks. Thus, being able to set up 2FA or passwordless authentication can help improve the security of your accounts.
Prerequisites: Access Control Module
Requirements: Authenticator App
Files: None
Related Videos: None
Task #1: Passwordless Authentication
By completing this task, will be able to improve the security of one of your accounts using passwordless authentication.

Passwordless Authentication is an authentication method that allows a user to gain access to an application, a service or a system without using a password or answering security questions. Instead, the user provides some other form of evidence such as biometric (fingerprint) or a token code.

An Authenticator app is a software-based authenticator that implements passwordless authneticaion and/or 2-factor authentication services, typically using the Time-based One-time Password (OTP) Algorithm. The user would get an OTP that expires

Microsoft Authenticator can be used to sign in to any Microsoft account, or any platform that integrates with with Microsoft Authentication Libraries, without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric (e.g., mobile phone).

Expert Mode
  1. Choose any of your accounts (e.g., hotmail, gmail, Facebook, instagram, etc.) that supports passwordless or 2FA authentication
  2. Enable the available authentication method
  3. Use an Authenticator app (e.g., Microsoft Authenticator or Google Authenticator) to implement passwordless or 2FA authentication
  4. Test logging in using this new method.
Regular Mode
Show details »
    Instal the Authenticator app
  1. To install the Microsoft Authenticator app on an Android device, scan the QR code below or go to the download page on Google Play
    QR
  2. To install the Microsoft Authenticator app on an iOS device, scan the QR code below or go to the download page on App Store
    QR
    3. Enable Passwordless Authentication
  3. Sign in to any microsoft account you have (e.g., hotmail, outlook, office, etc.), or any acount service that integrates with Microsoft Authenticator
  4. Go to the "My Profile" section and click Security (may differ from one platform to another)
  5. Follow the steps provided on the account settings page to enable passwordless, 2FA, MFA, or any alternate authentication feature (the steps and names will differ from one platform to another)
    The above step will result in instructions or a QR code that you can use in the next step
    6. Set up the Authenticator app
  6. Open the Authenticator app and select the (+) in the upper right corner
  7. Point your camera at the QR code generated in the above step, or follow the instructions provided in your account settings
    8. Test Passwordless Authentication
  8. Sign out from the account you set up
  9. Sign is again
  10. You will be prompted to to send notification (i.e., to your mobile)
  11. You will then confirm or reject the signon request
    The last two steps may differ based on your account service, but a sample is shown in the screenshot below
    Microsoft Authenticator
Task #2: Securing Online Accounts
By completing this task, will have secured your important online accounts by using passwordless or 2FA authentication.
This is an independent task.
Expert & Regular Mode
  1. Secure your most important online accounts using 2FA or passwordless authentication.
Name
Red fields are required.
PIN
Fingerprint
Access Card
PIN
Fingerprint
Access Card
PIN
Fingerprint
Access Card
TRUE
FALSE

               
© Samer Aoudi 2005-2024

Introduction to Information Security