An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords

Mahmoud Abaza and Brent Hunter, School of Computing and Information Systems, Athabasca University (mahmouda@athabascau.ca). Alphanumeric passwords: easy to implement, easy to use, and versatile.


Presentation Transcript


  1. An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords. Mahmoud Abaza and Brent Hunter, School of Computing and Information Systems, Athabasca University, mahmouda@athabascau.ca

  2. Alphanumeric Passwords: easy to implement, easy to use, and versatile.

  3. Weakness of Alphanumeric Passwords: users use weak passwords.

  4. Example ideas to overcome the weakness of alphanumeric passwords:
     • the password haystacks system (Gibson)
     • the system of using 4 or more unrelated dictionary words (Munroe)

  5. An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them.

  6. Enhancements for traditional alphanumeric passwords. Replacements for traditional Alphanumeric Passwords.

  7. Enhancements for traditional alphanumeric passwords:
     • enhanced password creation mechanisms
     • password storage and management systems
     • single sign-on systems
     • secondary identity verification

  8. Replacements for traditional alphanumeric passwords:
     • one-time password systems
     • token-based and tokenless (email, SMS)
     • certificate-based
     • biometrics

  9. Enhancements for traditional alphanumeric passwords and replacements for traditional alphanumeric passwords:
     • How easy to use
     • How easy to implement
     • How secure
     • How versatile

  10. Replacement: One-time password.
     • Not easy to use (requires a token)
     • Not easy to implement (requires back-end authentication infrastructure)
     • Not easy to share

  11. Replacement: Certificate-based (smart cards and computer certificates).
     • Not easy to use (requires a smart card)
     • Significantly more overhead
     • Less versatile (requires a reader)

  12. Replacement: Biometrics.
     • Difficult to implement (requires hardware and software at endpoints)
     • Once forged, it is not easy to re-issue
     • False negatives
     • Not versatile (requires additional hardware)

  13. Replacement: Non-alphanumeric.
     • Graphical passwords are not easy to enter
     • More difficult to implement (many require back-end authentication)
     • Most require an agent installed on each machine
     • Other such difficulties

  14. Enhancement: Password creation mechanism.
     • Algorithms to derive passwords (slower)
     • Not friendly

  15. Enhancement: Password storage and management.
     • Single point of failure
     • Difficult to use (requires a form filler on the user's side)
     • More difficult to implement
     • Needs updating

  16. Enhancement: Single sign-on.
     • Single point of failure
     • Requires additional administrative work
     • Not versatile (systems must provide a single sign-on standard)

  17. Properly picked traditional alphanumeric passwords currently work better than any of the other available options?????

  18. CONCLUSION Properly picked traditional alphanumeric passwords currently work better than any of the other available options?????
