Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing.

Published byDylan Thomas Richardson Modified over 9 years ago

Similar presentations

Presentation on theme: "By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing."— Presentation transcript:

1 By Anthony McDougle and Loren Klingman

2  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing their password  Can add security when used as an additional level of authentication

3  A new password is generated at each use  The password expires after one use and cannot be used again ◦ Cannot be re-used by an interceptor

4  Facebook ◦ Optional method of logging into public PCs ◦ Generated password is delivered via text message  Google ◦ Multi-factor authentication, using standard passwords & a one-time password in order to log in  Among many others!

5  Time-Generated on Server & Client ◦ Requires Synchronization  “Seeded” Algorithm ◦ One-way hash function  Passwords generated and sent to the user

6  Mobile Phone App  Token-Generating Device  Text Message or E-mail ◦ Cheapest, but least secure  Printed on Paper & Given to User

7  When a system uses multiple levels and methods of authentication  Categories of authentication ◦ Something you are (biometrics) ◦ Something you have (phone, computer) ◦ Something you know (standard password)  Can be as simple as having a standard password and a generated one-time password for log ins

8  Passwords cannot be stolen by traffic-sniffers and key loggers  Passwords cannot be cracked by traditional methods  Not very susceptible to phishing attempts/non-secure users  Passwords are, in theory, not re-usable ◦ Stolen passwords are useless

9  Theft of the password-generator or a list of valid passwords is still a possibility  Cracking the password-generation algorithm  In cases of SMS/e-mail/other messaging, the service provider in the middle must prevent interception  Malware that can trick a user into giving up a password before its use

10  One-time passwords are generally safer than regular passwords  May be too much ◦ Too many prompts can frustrate users  Cost money to implement but often cheaper than other methods such as biometrics

11  One-time passwords are a much safer alternative ◦ Thwart key loggers, traffic sniffers, phishers  One-time password still have vulnerabilities, though they are harder to crack  Deciding on the password system depends on the company and the security measures necessary ◦ Different systems may be more cost-effective depending on the need ◦ Find a balance between cost, simplicity, and security

Download ppt "By Anthony McDougle and Loren Klingman.  The average user does not have secure passwords ◦ Simple passwords ◦ Reusing the same password ◦ Never changing."

Similar presentations

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)

User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)
The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.

The quest to replace passwords Evangelos Markatos Based on a paper by Joseph Bonneau,Cormac Herley, Paul C. van Oorschot, and Frank Stajanod.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.
Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.

Parameter Tampering. Attacking the Ecommerce Shopping Cart In the above image we see that a user who wants to purchase a Television visits an online Store.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in.

Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in.
7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.

7-1 Last time Protection in General-Purpose Operating Systems History Separation vs. Sharing Segmentation and Paging Access Control Matrix Access Control.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
The Office of Information Technology Two-Factor Authentication.

The Office of Information Technology Two-Factor Authentication.
Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.

Large-Scale, Cost-Effective, Progressive Authentication and Identify Management Solutions Enabling Security, Efficiency and Collaboration through Technology.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.

Similar presentations

Ads by Google