Password-less Authentication Methods
The first rule we are taught about cyber awareness and security is to never share your passwords with anyone. During a forensic investigation, it is not always possible to collect a user’s account without the username and password. Although there are ways to securely provide your password, we may be looking at a password-less future for forensic investigations.
When Passwords are Required
Understandably, a user may have reservations with providing a password at the time of a forensic collection. Whether the account owner re-uses the same password on separate accounts, or the user simply does not remember it obtaining passwords can be difficult. When it is required for the custodian to provide a password for collection, it is good practice to instruct the custodian to create a temporary password, keeping in mind the user will need remember this password at the time of the collection. Once the collection is complete, the temporary password can then be changed back to the original password.
In contrast to changing and/or sharing passwords, an efficient and affirming method for user account authentication, is the use of remote authenticators, which use account tokens, and the use of QR code verification when available. Neither methods require the sharing of passwords.
QR Code Authentication
QR codes have shown up mostly in the authentication of third-party messaging applications, such as WhatsApp, Viber, Telegram, and Discord. The account holder merely navigates to the respective settings for the application, and chooses to add a linked device, the device being that of the forensic analyst performing the collection. The account holder’s device then opens a QR reader and the QR code provided by the forensic analyst is scanned. Once this process is complete, the account in the tool performing the collection is authenticated. Not only does the user have peace of mind that their password has not been given, but the user can then revoke the authentication right from their device, at the completion of the collection.
Another alternative to authenticating third-party messaging app, like discussed above, is the authentication by text message. An analyst would need the phone number associated with the account to be collected. A two-factor code would be sent via text message to that phone number which can then be used by the forensic analyst to collect the data.
With remote authentication tokens, which we see available with utilizing tools like Forensic Email Collector (FEC) in the collection of email accounts such as Yahoo, the account holder is provided a download for an executable file. That file is then run on the account holder’s personal computer. The user can then type their account credentials in themselves, after which the tool generates a token. That token can then be securely shared to the forensic analyst and input into the collection tool, with no opportunity of the account’s password being viewed by the analyst.
While the use of password-less authentication is preferred and welcomed by Forensic Investigators, it is important to remember that as of now, it is not available for all collections. When required, keep in mind the ways to securely share your passwords, but as forensic collection tools evolve, we hope to see more password-less authentication methods adopted across multiple platforms. For more information about Vestige’s Digital Forensic Services contact us today.