Use this as a quick reference for the five password attack types, online vs. offline, hashing, and the four authentication factors.

🧭 Plot Summary
A password is only as strong as the system storing it. Well-designed systems never store your actual password — they store a hash, a one-way scrambled version created by feeding your password through a cryptographic hash function. Even a tiny change to the input completely changes the output, and there's no way to reverse a hash back into the original password.
But hashing alone isn't enough. Adversaries have built an entire toolkit for attacking passwords anyway — and knowing the difference between an online attack (happening live, against a real login page) and an offline attack (happening on the adversary's own machine, against a stolen hash database) is one of the most exam-relevant distinctions in this whole unit.
Five password attacks to know
What you will do in this lesson
- Read a login log and identify the signs of an in-progress password attack.
- Understand why hashing and salting keep stored passwords safe even in a data breach.
- Tell apart the five major password attack types — and which ones are online vs. offline.
- Learn the four authentication factors and why multifactor authentication matters.
- Configure real login and lockout settings on a virtual server.
Why it matters
Authentication is the front door to every system you'll ever secure. This is the first activity where you're not just discussing concepts — you're configuring real login settings on the PLTW virtual server, the same skill tested directly in AP FRQ Scenario 4B.
✅ Self-Check Before You Roll On
Check off each item as you get there. These are not grades — they are your own signal.