APPLICABLE ASPECTS OF AUTHENTICATION DATA PROTECTION

This article covers the issues of applicable user`s authentication data protection at critical infrastructure objects. It considers the procedure for software and encryption facilities in order of application of organizational and technical methods to prevent loss of authentication data at critical infrastructure objects. The Article provides examples for use of open source software KeePass to create the protected and transparent in use of user`s authentication database. The Article provides the basic list of recommended extensions (plugins) for users. Considers the possibility of users` autonomous verification of their acting passwords on matching compromised passwords hash file HaveIBeenPwned. USB-carrier with hardware encryption is proposed for authentication database and ensures its mobility. Suggested provides the user with encrypted database to store the authentication data, and use the automatic procedure for authentication of applications and web-services, have few levels of software and hardware protection, which on one hand simplifies the use of authentication data in execution of applicable security policies and reduce the feasibility of its discreditation, and on the other hand increase the feasibility to block the abusive actions of third parties by means of multi-level protection system. Checked the ability for additional encryption of configuration file by means of runtime environment and ability to use the certificate which is stored at eToken. The provided model for procedure implementation combines the software and hardware encryption to protect the confidential authentication data. It considers the practical experience for creation of model procedures for confidential information protection to develop, implement and manage the modern policies of informational security related to cryptographic protection of authentication data at critical infrastructure objects.