{"id":6296,"date":"2025-02-18T09:10:00","date_gmt":"2025-02-18T08:10:00","guid":{"rendered":"https:\/\/preventista.sk\/info\/?p=6296"},"modified":"2025-02-18T12:03:19","modified_gmt":"2025-02-18T11:03:19","slug":"prakticke-pouzivanie-multifaktorovej-autentizacie","status":"publish","type":"post","link":"https:\/\/preventista.sk\/info\/prakticke-pouzivanie-multifaktorovej-autentizacie\/","title":{"rendered":"Practical use of multi-factor authentication"},"content":{"rendered":"\n<p><strong>In this article we take a closer look at:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>what multi-factor authentication is<\/strong><\/li>\n\n\n\n<li><strong>how to protect your online accounts<\/strong><\/li>\n\n\n\n<li><strong>how to protect applications on a mobile phone, and the options on a computer<\/strong><\/li>\n<\/ul>\n\n\n\n<div style=\"height:27px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"396\" data-attachment-id=\"6361\" data-permalink=\"https:\/\/preventista.sk\/info\/prakticke-pouzivanie-multifaktorovej-autentizacie\/multifaktor\/\" data-orig-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?fit=1104%2C624&amp;ssl=1\" data-orig-size=\"1104,624\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"multifaktor\" 
data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?fit=700%2C396&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?resize=700%2C396&#038;ssl=1\" alt=\"\" class=\"wp-image-6361\" style=\"width:474px;height:auto\" srcset=\"https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?resize=700%2C396&amp;ssl=1 700w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?resize=450%2C254&amp;ssl=1 450w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?resize=320%2C181&amp;ssl=1 320w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?resize=768%2C434&amp;ssl=1 768w, https:\/\/i0.wp.com\/preventista.sk\/info\/wp-content\/uploads\/2025\/02\/multifaktor.png?w=1104&amp;ssl=1 1104w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n<\/div>\n\n\n<h1 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">What is multi-factor authentication<\/mark><\/h1>\n\n\n\n<p>Let's start with a bit of theory. Authentication is a way of verifying that an entity (a person, a computer, a service, \u2026) really is who it claims to be. There are many ways to authenticate, but they can be grouped by how they work, into factors:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Something I have &#8211; e.g. 
an ATM card, a token, the key to a cement mixer, a royal signet ring \u2026<\/li>\n\n\n\n<li>Something I know &#8211; a PIN, a password, the spell \u201cOpen sesame!\u201d, \u2026<\/li>\n\n\n\n<li>Something I am &#8211; a fingerprint, the geometry of a hand, retina or face, voice biometrics, Alain Delon's most beautiful blue eyes, \u2026<\/li>\n<\/ul>\n\n\n\n<p>Each factor has its advantages, but also its risks.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Factor<\/strong><\/td><td><strong>Advantages<\/strong><\/td><td><strong>Disadvantages<\/strong><\/td><\/tr><tr><td>Something I have<\/td><td>I don't have to remember anything.<\/td><td>Loss, damage or theft.<\/td><\/tr><tr><td>Something I know<\/td><td>I can't lose it\u2026<\/td><td>\u2026but I can forget it, or write it on a piece of paper that someone else then reads.<\/td><\/tr><tr><td>Something I am<\/td><td>I can't lose it and I don't have to remember anything.<\/td><td>Someone can use my biometrics while I am lying drunk on a park bench.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>To reduce the risks we can combine different factors, which gives us multi-factor authentication (MFA). For example, if we add the private key of a public-key certificate (something I have) to a password (something I know), an attacker who steals the password (by watching, guessing, \u2026) cannot gain access, because they do not have the private key. 
MFA is not perfect, though: if the attacker is a colleague who read the password from a note stuck to the monitor while sitting at the unlocked computer, MFA will not help.<\/p>\n\n\n\n<p>MFA is not a combination of factors of the same kind &#8211; a PIN and a password can both be written next to each other on a slip of paper.<\/p>\n\n\n\n<div style=\"height:39px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Practical MFA options for web applications<\/mark><\/h1>\n\n\n\n<p>Let's start the practical MFA options with web applications. The reasons are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the fatal exposure of an online account when a factor is compromised &#8211; if someone learns our login name and password, it is game over; and<\/li>\n\n\n\n<li>the usually limited options for using MFA.<\/li>\n<\/ul>\n\n\n\n<p>The following options are used in practice:<\/p>\n\n\n\n<div style=\"height:35px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">One-time codes by SMS or email<\/mark><\/h2>\n\n\n\n<p>Using one-time codes (one-time passwords, OTP) sent by email or SMS is fairly simple &#8211; it is enough to set an email address (or a recovery email) or a phone number. This option is used by e.g. 
Facebook.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcxLDNL3VejBkSIICqOwvU1HVBHo59R9mRfvsAVuKQAEuQFuWu4D8z30VdphiC_KDmvgJxlTG3WPJfUscZ32dpvTwUfv-LWgXKsx2UJY7fGTH1X2lqoC_CAD0i5_MSjIhNgCr5L5A?key=gCUsOqAsk52guGZfD_F-JL25\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p>The advantage is simplicity from the user's point of view. The disadvantage is that the security of this kind of MFA is less than ideal. With an email address, the drawback is that a compromised mailbox can lead to full compromise of the account: a password reset is enough (because the forgotten-password link arrives by email), and the OTP then arrives in the same compromised mailbox. SMS is better within Slovakia, but in the USA, for example, the rules for issuing a SIM card are not as strict and it is easier to carry out a so-called SIM swap, i.e. to transfer the victim's phone number to the attacker. This attack is fairly common against interesting target accounts (e.g. on a crypto exchange, if they hold enough funds to steal).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXddd0nlUQiMt4n8w33dVBA3EF4WMhs8kNCZRLTng_UBIcLbvdCKfLB58Bp_YrO7MD4bfPpg2q7399mHW6qob_e_EEfLMDOITaVjJUFK2N0bE9UYnzDE9VxeljhiXY0GUJo8yw6qZQ?key=gCUsOqAsk52guGZfD_F-JL25\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\"><em>Fig.: an example of a large theft in which a SIM swap also played a role. 
Full article here: <\/em><a href=\"https:\/\/krebsonsecurity.com\/2024\/02\/arrests-in-400m-sim-swap-tied-to-heist-at-ftx\/\"><em>https:\/\/krebsonsecurity.com\/2024\/02\/arrests-in-400m-sim-swap-tied-to-heist-at-ftx\/<\/em><\/a><\/p>\n\n\n\n<div style=\"height:32px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">OTP application<\/mark><\/h2>\n\n\n\n<p>A better approach is to use an OTP application, which generates an OTP code that is usually valid for 30 seconds, or displays a push notification that has to be confirmed. In some cases a web application uses its own mobile app as the OTP application &#8211; this is how the LinkedIn social network works, for example, where the second factor is confirming a push message in the LinkedIn mobile app.<\/p>\n\n\n\n<p>Adding an OTP is then usually done by means of QR codes:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXe1GsMG4LyfSvT-rPzDvYN4bhsaHpejc16WMkQVoEIfqwQNduOWaWCjhJ2OV6i_jxRfJBnM8QqdhgxCj_MOMzsvA1wxUtlv9sG15bseIgEeWjJYQ7MniB7WZgE-fjtpOzAni5sX?key=gCUsOqAsk52guGZfD_F-JL25\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\"><em>Fig.: an example of adding an OTP application to booking.com<\/em><\/p>\n\n\n\n<div style=\"height:42px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>A more detailed guide using the OTP application <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.authy.authy&amp;hl=en-US\"><strong>Authy<\/strong><\/a> is available e.g. 
here: <a href=\"https:\/\/www.techrepublic.com\/article\/how-to-use-authy\/\">https:\/\/www.techrepublic.com\/article\/how-to-use-authy\/<\/a><\/p>\n\n\n\n<p>OTP applications are mostly compatible with either the Microsoft Authenticator or the Google Authenticator ecosystem. An OTP application is simply installed from the Google Play Store or the Apple App Store. On iOS, the application is also backed up together with its private part and can easily be restored on a new phone. On Android, however, things may not go as smoothly, and there you will appreciate an application that handles backup via a cloud (its own or Google Drive) or by backup to an external file (if you do not trust the cloud). One such application is, for example, <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.beemdevelopment.aegis\"><strong>Aegis<\/strong><\/a>. The added value of Aegis is the ability to import and export individual seeds in an open format, and the option of immediate deletion through its panic alert feature.<\/p>\n\n\n\n<p>If you are choosing between an OTP code and a push notification in a mobile application, it is worth weighing the risk of both methods. With an OTP code the attacker has to guess a code that is usually 6 digits long, i.e. a chance of 1:1 000 000. With push notifications, however, the attacker can use so-called push bombing &#8211; i.e. 
bombard the user with push notifications until the user confirms one of them.<\/p>\n\n\n\n<div style=\"height:34px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">U2F and FIDO2<\/mark><\/h2>\n\n\n\n<p>FIDO2 is mentioned here as an alternative to passwords, not as MFA. FIDO is an alliance for passwordless authentication that developed the U2F and FIDO2 standards, which have been adopted by several operating system and browser vendors.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfg-tDuBiB0Igev9ngsxOq4UkFNaHdXlGhkNMsMGjE0ZFwLU8fp6DFc5jT11EgiDn7IGYH3LLDj0bKoQEdFll8GSTrKAdghuChdXNvqO-gFSIoO1SHaJJ-v79tLVOwmMqs29zz7QQ?key=gCUsOqAsk52guGZfD_F-JL25\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p><em>Fig.: U2F and FIDO2 support. Image taken from <\/em><a href=\"https:\/\/hideez.com\/blogs\/news\/fido2-explained\"><em>https:\/\/hideez.com\/blogs\/news\/fido2-explained<\/em><\/a><\/p>\n\n\n\n<p>An overview of supported services is available <a href=\"https:\/\/hideez.com\/pages\/supported-services\">here<\/a>. U2F and FIDO2 can be used either on a single device or on several (even across platforms). 
Use on several devices requires either a hardware key or a mobile application.<\/p>\n\n\n\n<p>For U2F, an interesting option is the <a href=\"https:\/\/trezor.io\/\">Trezor<\/a> hardware key, because if the key is lost, damaged or stolen, the cryptographic key can easily be restored on another Trezor using the secret words. Configuration is not much <a href=\"https:\/\/blog.trezor.io\/secure-two-factor-authentication-with-trezor-u2f-e940fd5a60af?gi=b005660ffc7b\">more complicated<\/a> than using a QR code and a mobile application.<\/p>\n\n\n\n<div style=\"height:34px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Practical MFA options on a smartphone<\/mark><\/h1>\n\n\n\n<p>Let's continue the practical MFA options with the smartphone. The reason is that its options are more limited than those of a classic computer or laptop. As input, a smartphone has a virtual keyboard, a camera and a fingerprint sensor. Connecting a smartphone to a hardware key or a smart card is a problem. On a smartphone, authentication usually takes place in two places:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>When unlocking the smartphone (screen lock)<\/li>\n\n\n\n<li>When accessing an application<\/li>\n<\/ol>\n\n\n\n<p>Neither of these places allows MFA to be configured, but the two authentication points can be combined so that MFA is achieved. 
For example, it is not a good idea to use biometric verification everywhere &#8211; if I am lying drunk on a park bench, anyone can unlock the phone with my finger or face and then, for example, send money from a banking app or crypto wallet, or access sensitive data or the passwords in a password manager.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcsxcHZL9uko5Eq5k2l2CdlCKnxCywwZ2lJhfs1x_ATvrPQzdpBrypQxXntf4Bg6bZjVmHZPu4yKEGMsgUt7prYqjI-pPT3HTABXS3SPmxY9GSqXdksBavxrVN759msPAzzwFcHEQ?key=gCUsOqAsk52guGZfD_F-JL25\" alt=\"\"\/><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\"><em>Fig.: watching a PIN over the shoulder (shoulder surfing) is a tactic used by thieves. Full article available here: <\/em><a href=\"https:\/\/www.bbc.co.uk\/news\/business-65456325\"><em>https:\/\/www.bbc.co.uk\/news\/business-65456325<\/em><\/a><\/p>\n\n\n\n<div style=\"height:33px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>It is therefore advisable to use a combination: biometrics, e.g. 
for simple unlocking of the phone, and PINs or passwords for access to sensitive applications that make it possible to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Handle money or financial assets<\/li>\n\n\n\n<li>Access sensitive data (passwords, sensitive notes, company data)<\/li>\n<\/ul>\n\n\n\n<div style=\"height:32px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Practical MFA options on a computer<\/mark><\/h1>\n\n\n\n<p>On MS Windows it is <a href=\"https:\/\/medium.com\/thesecmaster\/how-to-set-up-multifactor-authentication-on-your-windows-11-6e873f558db1\">possible<\/a> to apply the protection of an Office 365 account to operating system login as well. Similarly, it is <a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-configure-multi-factor-authentication-on-ubuntu-18-04\">possible<\/a> to apply MFA for PAM on Linux systems, or on a <a href=\"https:\/\/www.youtube.com\/watch?v=opHcAGJIidc&amp;pp=ygUXc2V0dXAgTUZBIGZvciBNYWMgbG9naW4%3D\">Mac<\/a>. The individual options repeat: an OTP application, a hardware key, biometrics via face geometry (camera) or fingerprint (the fingerprint sensor on laptops). The question is how practical this is. For an online account, compromise of the password as the only factor is fatal, because it lets the attacker log in to your account over the internet. 
For access to the operating system, however, the attacker usually also needs physical access to your home computer or laptop (leaving aside login over a computer network for now). With a laptop there is a risk of unauthorized access, e.g. after theft, but this can be addressed by combining full-disk encryption with a strong password (one that is not stuck to the laptop).<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h1 class=\"wp-block-heading\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Summary<\/mark><\/h1>\n\n\n\n<p>MFA is a measure that protects our access when one of the factors, usually the password, is compromised. It makes sense to use MFA where the risk of factor compromise is significant. It therefore makes more sense to use MFA to protect all of our online accounts, and less sense for logging in to the operating system of a home computer. MFA is not a cure-all, and the additional factor can be susceptible to additional attacks such as SIM swap or push bombing. A hardware token may be the most secure, but also the most technically demanding, solution. When using an additional factor, remember above all the need to recover the factor in case of compromise or e.g. 
loss of the mobile phone (together with the OTP application).<\/p>\n\n\n\n<div style=\"height:52px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>In this article we take a closer look at: What is multi-factor authentication Let's start with a bit of theory. Authentication is a way of verifying that an entity (a person, a computer, a service, \u2026) really is who it claims to be. There are many ways to authenticate, but they can be grouped by how they work, into factors: Each factor [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[32,72],"class_list":["post-6296","post","type-post","status-publish","format-standard","hentry","category-itbezp","tag-bezpecnost","tag-heslo"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/6296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/comments?post=6296"}],"version-history":[{"count":5,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/6296\/revisions"}],"predecessor-version":[{"id":6362,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/posts\/6296\/revisions\/6362"}],"wp:attachment":[{"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/media?parent=6296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/categories?post=6296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/preventista.sk\/info\/wp-json\/wp\/v2\/tags?post=6296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}