Implementation and Analysis of User Authentication Mechanisms in Database Systems
1. Introduction
In database security, two foundational concepts work hand-in-hand to protect data: Authentication and Authorization.
- Authentication (AuthN): The process of verifying a user's identity. It answers the question, "Are you who you say you are?" Authentication acts as the primary gateway, requiring credentials (like a username and password) to allow entry into the system.
- Authorization (AuthZ): The process of determining what actions a verified user is permitted to perform. It answers the question, "What are you allowed to do?" Once a user is authenticated, authorization ensures they can only access the data or commands they have been granted permission to use.
This experiment focuses exclusively on authentication. If identities are verified rigorously, an attacker without valid credentials never reaches the authorization layer at all. We will explore the configuration and management of user accounts and password policies so that only legitimate users can open a session on the database system.
2. Password Policies
2.1 User Account Management
The first step in securing a database is creating a separate account for each person or application. A shared or generic account (for example a single "app" login used by everyone) makes it impossible to attribute an action in the audit log to an individual; one account per identity gives precise tracking and accountability, and lets a single compromised credential be revoked without affecting anyone else.
- Identification: Every user is assigned a unique username.
- Verification: Every account is secured with a password or another verification method to confirm identity.
2.2 Security and Password Policies
Creating an account is only half the battle. To prevent unauthorized access via stolen or guessed credentials, database systems enforce several security policies:
- Password Complexity: Ensures passwords are not easily guessable by enforcing a minimum length and a mix of character classes (uppercase, lowercase, digits, and symbols). Length contributes far more to resistance against guessing than symbol requirements do, so a complexity rule should be paired with a sensible minimum length and, where the DBMS supports it, a dictionary or breached-password check.
- Password Expiry: Forcing users to change their password after a fixed interval bounds the useful lifetime of a credential that has been stolen without anyone noticing. The trade-off is that short intervals push users toward predictable variations; current guidance (NIST SP 800-63B) favours changing a password on evidence of compromise over routine rotation, so an expiry interval should be long enough not to encourage that behaviour.
- Account Lock Policies: Automatically disabling an account after a set number of consecutive failed login attempts defeats online "brute-force" guessing. Because an attacker can also use this to lock a legitimate user out, locks are usually temporary (a fixed cool-down period) and complemented by a growing per-attempt delay rather than an indefinite lock.
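The following statements put sections 2.1 and 2.2 into practice on MySQL 8.0. They are an added example, not part of the original report, which names no specific DBMS; MySQL 8.0.19 or later is assumed because the per-account lockout clauses were introduced there, and the account name, host pattern, and passwords are illustrative.

```sql
-- Added example (not from the original report). Assumes MySQL 8.0.19+ and a
-- session with administrative privileges. Names and passwords are illustrative.

-- 2.2 Password complexity: load the validate_password component and set its
-- rules. They apply to every later CREATE USER / ALTER USER / SET PASSWORD.
-- STRONG additionally checks candidates against a dictionary file.
INSTALL COMPONENT 'file://component_validate_password';
SET GLOBAL validate_password.policy = MEDIUM;      -- LOW, MEDIUM or STRONG
SET GLOBAL validate_password.length = 14;          -- minimum length
SET GLOBAL validate_password.mixed_case_count = 1; -- at least 1 upper and 1 lower
SET GLOBAL validate_password.number_count = 1;
SET GLOBAL validate_password.special_char_count = 1;

-- Dry-run candidates against the active policy (0..100; 100 satisfies every rule).
SELECT VALIDATE_PASSWORD_STRENGTH('password123') AS weak_score,
       VALIDATE_PASSWORD_STRENGTH('Tr0ub4dor&3-horse-staple') AS strong_score;

-- 2.1 + 2.2 One account per identity, bound to the application subnet so a
-- leaked password is useless from anywhere else, with expiry and lockout.
-- CREATE USER fails with ER_NOT_VALID_PASSWORD if the password breaks the policy.
CREATE USER 'app_reader'@'10.0.0.%'
  IDENTIFIED BY 'Tr0ub4dor&3-horse-staple'
  PASSWORD EXPIRE INTERVAL 90 DAY   -- must be changed every 90 days
  PASSWORD HISTORY 5                -- the last 5 passwords cannot be reused
  FAILED_LOGIN_ATTEMPTS 5           -- lock after 5 consecutive failures
  PASSWORD_LOCK_TIME 1;             -- for 1 day (UNBOUNDED = until a DBA unlocks)

-- Expire the initial password immediately so the secret handed out by the DBA
-- is never the long-term credential: the first login is forced to change it.
ALTER USER 'app_reader'@'10.0.0.%' PASSWORD EXPIRE;

-- Verify what was stored. password_lifetime is in days; account_locked is the
-- administrative lock flag; the lockout parameters live in the JSON attributes.
SELECT User, Host, password_lifetime, password_expired, account_locked,
       JSON_EXTRACT(User_attributes, '$.Password_locking') AS lockout
FROM mysql.user
WHERE User = 'app_reader';

-- Same information in DDL form, useful for diffing against a baseline.
SHOW CREATE USER 'app_reader'@'10.0.0.%';
```

The verification query at the end is the check a reviewer should run after provisioning: an account that shows `password_lifetime` NULL or an empty `lockout` value has silently inherited the server defaults rather than the intended policy.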
2.3 External and Multi-Factor Authentication
Beyond local passwords, modern databases support external and more secure authentication mechanisms:
- External Services (LDAP/Active Directory): Centralizes user management by having the database verify the presented password against a corporate directory service instead of a locally stored hash. Joiner/leaver processes, lockout and expiry then follow the directory's policy, and disabling the directory account closes database access at the same time.
- Multi-Factor Authentication (MFA): Requires two or more independent factors (something the user knows, such as a password; something they have, such as a one-time code from a phone or a hardware token; or something they are) before a session is established. A stolen password alone is then insufficient.
- Certificate-Based Authentication: Uses X.509 digital certificates exchanged during the TLS handshake. The server certificate lets the client verify it is talking to the genuine database; requiring a client certificate (mutual TLS) lets the server verify the client's identity, typically for service accounts rather than people.
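How these external mechanisms look when configured on a MySQL 8.0 server, as an added example that is not part of the original report. It assumes TLS is already configured on the server, that the LDAP plugins (which ship with MySQL Enterprise Edition) are installed, and that the multi-factor syntax from MySQL 8.0.27 is available; the subject and issuer strings, directory DNs, account names, and passwords are illustrative.

```sql
-- Added example (not from the original report). Assumes MySQL 8.0.27+, server
-- TLS configured, and the Enterprise authentication_ldap_sasl plugin installed.
-- Certificate DNs, LDAP DNs, account names and passwords are illustrative.

-- Certificate-based: the TLS handshake already authenticates the server to the
-- client through the server certificate. REQUIRE makes the server insist on a
-- client certificate with this exact subject, signed by this exact issuer
-- (mutual TLS). In MySQL this is a constraint layered on top of the password
-- check, not a replacement for it, so the account still needs a strong secret.
CREATE USER 'batch_loader'@'10.0.0.%'
  IDENTIFIED BY 'Ld9!xQ2#vPm7-wheel-amber'
  REQUIRE SUBJECT '/C=US/O=Example Corp/CN=batch_loader'
      AND ISSUER  '/C=US/O=Example Corp/CN=Example Corp Internal CA';

-- External directory: no password hash is stored in MySQL. The server binds to
-- the directory with the supplied credentials, so lockout and expiry are the
-- directory's, and disabling the directory account disables database access.
CREATE USER 'alice'@'%'
  IDENTIFIED WITH authentication_ldap_sasl
  AS 'uid=alice,ou=People,dc=example,dc=com';

-- Multi-factor: factor 1 is a locally hashed password, factor 2 is the
-- directory. Both must succeed before a session is established, so a leaked
-- database password alone is not enough.
CREATE USER 'dba_carol'@'%'
  IDENTIFIED WITH caching_sha2_password BY 'Nq4$rT8!kLm2-copper-fox'
  AND IDENTIFIED WITH authentication_ldap_sasl
      AS 'uid=carol,ou=DBA,dc=example,dc=com';

-- Inspect: the REQUIRE clause and every factor are printed in DDL form.
SHOW CREATE USER 'batch_loader'@'10.0.0.%';
SHOW CREATE USER 'dba_carol'@'%';

-- Refuse unencrypted connections for everyone, independent of per-user REQUIRE
-- clauses, so passwords and directory credentials never cross the wire in clear.
SET GLOBAL require_secure_transport = ON;
```

A practical caveat: the `REQUIRE SUBJECT ... AND ISSUER` pair pins a specific certificate identity, so rotating the CA or reissuing the client certificate with a changed DN breaks the login until the account is altered; pinning only `ISSUER` (or using `REQUIRE X509` with a tightly controlled CA) is the usual compromise.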
3. Understanding Login Behavior
A critical part of managing a database is observing how it reacts in each authentication scenario, because the response is what an attacker probes and what a defender alerts on:
- Successful Authentication: When correct credentials are presented (and any additional requirement such as a client certificate is met), the server establishes a session and the connection becomes visible in the server's process list.
- Failed Attempt: If incorrect credentials are used, the database refuses the connection with an "access denied" error. Whether the failure is also written to a log depends on configuration; many servers do not record failed logins at their default log level, so this must be checked rather than assumed.
- Behavioral Observation: Analyzing how the system responds to repeated incorrect logins, such as increasing delays between responses, per-source failure counters, or an account lock being triggered, is essential for recognizing a guessing attack in progress and for confirming that the configured policies actually take effect.
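A way to configure and then observe this behavior on MySQL 8.0, as an added example that is not part of the original report. It assumes MySQL 8.0.19 or later, the connection_control plugin library that ships with the server, and an account `'app_reader'@'10.0.0.%'` provisioned with `FAILED_LOGIN_ATTEMPTS 5` and `PASSWORD_LOCK_TIME 1` (illustrative names).

```sql
-- Added example (not from the original report). Assumes MySQL 8.0.19+, the
-- bundled connection_control plugin (connection_control.dll on Windows), and an
-- account 'app_reader'@'10.0.0.%' created with FAILED_LOGIN_ATTEMPTS 5 and
-- PASSWORD_LOCK_TIME 1. Host and account names are illustrative.

-- Progressive delay: once a user/host pair exceeds the threshold, each further
-- failed attempt is answered 1000 ms later than the previous one, up to the
-- maximum. The attacker's guessing rate collapses while a mistyped password by
-- a real user costs only a few seconds.
INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
SET GLOBAL connection_control_failed_connections_threshold = 3;
SET GLOBAL connection_control_min_connection_delay = 1000;   -- milliseconds
SET GLOBAL connection_control_max_connection_delay = 60000;  -- milliseconds

-- Make failures visible: the "Access denied for user ..." entry is logged as a
-- note, so it only appears in the error log at verbosity 3.
SET GLOBAL log_error_verbosity = 3;

-- What to expect when wrong passwords are tried for app_reader (from a shell:
--   mysql -h db.internal -u app_reader -p   with a wrong password, repeatedly):
--   attempts 1-3: immediate  ERROR 1045 (28000): Access denied ... (using password: YES)
--   attempts 4+:  the same error, but each response arrives later than the last
--   after 5 consecutive failures: the error changes to a message stating the
--   account is blocked for the configured number of days; a correct password is
--   now refused too, which is exactly the lockout-as-denial-of-service risk.

-- Per-source failure counters maintained by connection_control (a successful
-- login from that user/host resets its counter).
SELECT USERHOST, FAILED_ATTEMPTS
FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
ORDER BY FAILED_ATTEMPTS DESC;

-- How many responses the server has deliberately delayed since startup.
SHOW GLOBAL STATUS LIKE 'Connection_control_delay_generated';

-- The temporary lock from FAILED_LOGIN_ATTEMPTS is held in server memory (a
-- restart clears it) and is separate from the administrative ACCOUNT LOCK flag
-- shown in mysql.user.account_locked, so check the error log or the client
-- error rather than that column. A DBA clears the counter and the lock with:
ALTER USER 'app_reader'@'10.0.0.%' ACCOUNT UNLOCK;

-- Successful authentication: confirm a session exists and where it came from.
SELECT ID, USER, HOST, TIME, COMMAND
FROM INFORMATION_SCHEMA.PROCESSLIST
WHERE USER = 'app_reader';
```

When running this as an experiment, time each attempt from the client; the difference between a flat series of immediate refusals and a series whose latency grows by about a second per attempt is the observable evidence that the delay policy, not just the lockout, is active.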