Securing User Accounts: Logon, Logoff, Account Changes, and Attack Mitigation

This course is included in our On-demand training solution.
You can probably think of at least one major account security breach you’ve heard about. When a security breach happens, it puts your customers, assets, and entire reputation at risk, so knowing how to identify and respond to potential attacks can be the difference between an organization’s continued success and its complete failure. In this course, you’ll learn about enhancing user account security by establishing logon, logoff, and advanced password management protocols. You’ll also learn about safe and secure policies for advanced user account management, such as account change and reset practices. Finally, this course covers effective best practices for handling user account security breaches, such as neutralizing attacks and safely handling compromised systems to limit any further damage to your systems, network, and other user assets.

Target Audience

Individuals such as network administrators, programmers, risk managers, and other key individuals interested in establishing and maintaining secure user account policies and practices.

Expected Duration

90 min.

Course Objectives

Course Introduction

Overview of the Logon Feature

  • describe the characteristics and purpose of the logon feature

Development Best Practices

  • identify best practices during development to secure site logon

Using SSL for Logon Security

  • use Secure Sockets Layer or SSL to enhance logon security

Managing Simultaneous Sessions

  • identify best practices for managing multiple simultaneous sessions from the same user

Common Logon Attacks

  • distinguish between the common types of attacks on logon pages

Logon Fraud Detection and Prevention

  • describe best practices for detecting and preventing logon fraud

Overview of the Logoff Feature

  • identify the purpose and characteristics of implementing logoff requirements

Session Expiry

  • identify the best practices and purpose of session expiry

Remote Logoff

  • identify the characteristics and best practices for remote logoff procedures

Securing Logoff Against CSRF

  • describe the purpose and techniques for implementing Cross-Site Request Forgery or CSRF protection on the logoff feature

Password Storage Best Practices

  • describe best practices for password storage policies

Password Hashing Best Practices

  • identify the best practices for hashing passwords for storage

Overview of Password Reset

  • identify the characteristics and purpose of password reset

Timed Password Reset

  • identify the best practices for implementing timed password resets

Implementing Verification Questions

  • describe the best practices for strengthening password reset with verification questions

Password Hints

  • identify the benefits and challenges of using password hints and best practices

Account Change Risks

  • describe the characteristics of account detail changes and how and why they carry risk of attack

At-risk Account Attributes

  • identify the specific account attributes that hackers target

Password Verification for Changes

  • describe the best practices for using password verification during account change activities

Implementing Account Change Notifications

  • identify the best practices for implementing user account change notifications

Confirming Account Changes

  • identify the best practices for confirming user account changes with users

Dealing with Compromised Systems

  • identify the best practices for dealing with compromised systems after a successful security attack

Collecting Attack Evidence

  • identify the best practices when collecting evidence and information after a successful attack

Neutralizing Attacks

  • describe the best practices for neutralizing user account security attacks

Exercise: Securing Account Access and Mitigating Risk