By Anthony McDougle and Loren Klingman

 The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password across sites ◦ Never changing their password  One-time passwords can add security when used as an additional factor of authentication

 A new password is generated for each login  The password expires after one use and is never valid again ◦ A password captured by an interceptor cannot be replayed

 Facebook ◦ Optional method of logging into public PCs ◦ Generated password is delivered via text message  Google ◦ Multi-factor authentication, using standard passwords & a one-time password in order to log in  Among many others!

 Time-generated on server and client ◦ Requires the two clocks to be synchronized  “Seeded” algorithm ◦ A shared secret (seed) fed through a one-way hash function; the password is derived from the seed and a counter or the time  Passwords generated on the server and sent to the user

 Mobile phone app  Token-generating hardware device  Text message or email ◦ Cheapest, but least secure  Printed on paper and given to the user

 When a system uses multiple levels and methods of authentication  Categories of authentication factors ◦ Something you are (biometrics) ◦ Something you have (phone, computer, token) ◦ Something you know (standard password)  Can be as simple as a standard password plus a generated one-time password for logins

 A password captured by a traffic sniffer or key logger is useless once it has been used  Passwords cannot be cracked by traditional dictionary or brute-force methods, since each one is discarded after use  Less susceptible to phishing and to careless users, because a phished password expires almost immediately  Passwords are, in theory, not re-usable ◦ Stolen passwords are useless

 Theft of the password generator, its seed, or a printed list of valid passwords is still possible  Recovering the seed or breaking the password-generation algorithm  In the case of SMS, email or other messaging, the service provider in the middle must prevent interception  Malware or a real-time phishing site that tricks a user into giving up a password before it is used

 One-time passwords are generally safer than regular passwords  May be too much ◦ Too many prompts can frustrate users  Cost money to implement but often cheaper than other methods such as biometrics

 One-time passwords are a much safer alternative ◦ Thwart key loggers, traffic sniffers and most phishers  One-time passwords still have vulnerabilities, though they are harder to exploit  Deciding on a password system depends on the company and the security measures necessary ◦ Different systems may be more cost-effective depending on the need ◦ Find a balance between cost, simplicity, and security