An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords. Mahmoud Abaza and Brent Hunter, School of Computing and Information Systems, Athabasca University

Alphanumeric passwords: easy to implement, easy to use, and versatile.

Weakness of alphanumeric passwords: users choose weak passwords.

Example ideas to overcome the weakness of alphanumeric passwords: the password haystacks scheme (Gibson); using 4 or more unrelated dictionary words as the password (Munroe).
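
The two ideas on this slide measure password strength differently, and the difference is worth seeing in numbers. The following is an added example (not code from the paper): it computes the entropy of a Munroe-style passphrase from the size of the word list, Gibson's brute-force search-space measure for a padded password, and what a guesser who already knows the padding convention faces. The word list, the 7776-word list size (a diceware-style assumption) and the 100,000-word / 1,000-pattern figures are constructed inputs, not values from the paper.

```python
import math
import random
import secrets

# Constructed word list for the demonstration only. The entropy figures are
# computed from the list size, so read them for a real list of thousands of
# words (a diceware-style list has 7776 entries).
WORD_LIST = ["correct", "horse", "battery", "staple", "cloud", "pencil",
             "river", "anchor", "velvet", "maple", "copper", "lantern"]

SYMBOL_COUNT = 95 - 62  # printable ASCII characters that are not alphanumeric


def passphrase(words, count=4, rng=None):
    """Munroe-style passphrase: `count` words picked independently and
    uniformly at random (secrets module unless a seeded rng is supplied)."""
    pick = rng.choice if rng is not None else secrets.choice
    return " ".join(pick(words) for _ in range(count))


def passphrase_entropy_bits(list_size, count):
    """Bits of entropy for `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def haystack_bits(password):
    """Gibson's 'haystack' measure: log2 of the brute-force search space,
    i.e. (size of the character classes present) ** (password length).
    Padding with repeated symbols raises this number even though the padding
    itself adds little unpredictability."""
    if not password:
        return 0.0
    space = 0
    if any(c.islower() for c in password):
        space += 26
    if any(c.isupper() for c in password):
        space += 26
    if any(c.isdigit() for c in password):
        space += 10
    if any(not c.isalnum() for c in password):
        space += SYMBOL_COUNT
    return len(password) * math.log2(space)


def pattern_aware_bits(base_choices, padding_patterns):
    """What a guesser who knows the padding convention faces: the number of
    likely base secrets times the number of padding patterns it tries.
    Both counts are assumptions supplied by the caller."""
    return math.log2(base_choices) + math.log2(padding_patterns)


if __name__ == "__main__":
    print("passphrase:", passphrase(WORD_LIST))
    print("4 words from 7776:", round(passphrase_entropy_bits(7776, 4), 2), "bits")
    padded = "D0g" + "." * 21          # constructed padded password, 24 chars
    print("haystack view of padded password:", round(haystack_bits(padded), 2), "bits")
    print("pattern-aware view (100k words x 1k paddings):",
          round(pattern_aware_bits(100_000, 1_000), 2), "bits")
```

The haystack number grows linearly with length, so a long padded string looks enormous to a pure brute-force search; the pattern-aware number is what matters once the padding habit is known, which is why the passphrase entropy, fixed by list size and word count alone, is the more conservative figure.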

An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them.

Two families of alternatives: enhancements for traditional alphanumeric passwords, and replacements for traditional alphanumeric passwords.

Enhancements for traditional alphanumeric passwords: enhanced password creation mechanisms; password storage and management systems; single sign-on systems; secondary identity verification.

Replacements for traditional alphanumeric passwords: one-time password systems, token-based and tokenless ( , SMS); certificate-based; biometrics.

Criteria for evaluating both enhancements and replacements: how easy to use; how easy to implement; how secure; how versatile.

Replacement: one-time passwords. Not easy to use (requires a token). Not easy to implement (requires back-end authentication infrastructure). Not easy to share.

Replacement: certificate-based (smart cards and computer certificates). Not easy to use (requires a smart card). Significantly more overhead. Less versatile (requires a reader).

Replacement: biometrics. Difficult to implement (requires hardware and software at the endpoints). Once forged, a biometric is not easy to re-issue. False negatives. Not versatile (requires additional hardware).

Replacement: non-alphanumeric. Graphical passwords are not easy to enter. More difficult to implement (many require a backend authentication service). Most require an agent installed on each machine. Other such difficulties.

Enhancement: password creation mechanisms. Algorithms to derive passwords (slower). Not user-friendly.
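
One shape such a derivation algorithm takes is a per-site password computed from a master secret, with a deliberately slow key-derivation step so that the master cannot be brute-forced cheaply from any one derived password. The following is an added example, not code from the paper or any particular product: PBKDF2-HMAC-SHA256 (the slow step, salted with site and user name) followed by an HMAC-SHA256 byte stream mapped onto a character set with rejection sampling to avoid modulo bias. The 70-character alphabet, the 16-character length, the iteration count and the `generation` parameter used for rotation are all my choices; `derivation_seconds` exists only to make the "(slower)" trade-off measurable.

```python
import hashlib
import hmac
import time

# Constructed 70-symbol alphabet for the derived passwords.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789"
            "!@#$%^&*")
# Bytes at or above this value are rejected so every symbol is equally likely.
_REJECT_AT = 256 - (256 % len(ALPHABET))   # 210 for a 70-symbol alphabet


def site_key(master: str, site: str, username: str, iterations: int) -> bytes:
    """The slow step: PBKDF2-HMAC-SHA256 over the master passphrase, salted
    with the site and user name so each site gets an unrelated 32-byte key."""
    salt = f"{site}\x00{username}".encode()
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)


def derive_password(master: str, site: str, username: str, length: int = 16,
                    iterations: int = 200_000, generation: int = 0) -> str:
    """Deterministic per-site password. `generation` is bumped to rotate a
    password without changing the master (the only way to 're-issue' one)."""
    key = site_key(master, site, username, iterations)
    out = []
    block = 0
    while len(out) < length:
        # Cheap expansion of the slow key into as many bytes as needed.
        stream = hmac.new(key, f"{generation}:{block}".encode(), hashlib.sha256).digest()
        block += 1
        for b in stream:
            if b < _REJECT_AT:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


def derivation_seconds(iterations: int, master: str = "constructed master phrase",
                       site: str = "example.com", username: str = "alice") -> float:
    """Wall-clock cost of one derivation at the given iteration count."""
    start = time.perf_counter()
    derive_password(master, site, username, iterations=iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed inputs for the demo.
    print(derive_password("constructed master phrase", "example.com", "alice"))
    for n in (1_000, 200_000):
        print(f"{n:>7} iterations: {derivation_seconds(n) * 1000:.1f} ms")
```

The slowness is the point rather than a flaw: the iteration count is chosen so that each attempt at the master costs the attacker what it costs the user, which is also why the scheme is unfriendly on low-powered devices.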

Enhancement: password storage and management. Single point of failure. Difficult to use (requires a form filler on the user's side). More difficult to implement. Needs updating.

Enhancement: single sign-on. Single point of failure. Requires additional administrative work. Not versatile (systems must support a single sign-on standard).

CONCLUSION: Properly picked traditional alphanumeric passwords currently work better than any of the other available options?????