An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords
Mahmoud Abaza and Brent Hunter, School of Computing and Information Systems, Athabasca University, mahmouda@athabascau.ca
Alphanumeric Passwords: easy to implement, easy to use, and versatile.
Weakness of Alphanumeric Passwords: users use weak passwords.
Example ideas to overcome the weakness of alphanumeric passwords:
• the password haystacks system (Gibson)
• a system of using 4 or more unrelated dictionary words (Munroe)
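The two ideas above can be compared numerically. The following is an added example, not part of the original slides: it estimates the brute-force search space of a password in the haystack style and the entropy of a randomly chosen word passphrase. The character-class sizes, the sample passwords and the 2048-word list size are assumptions made for illustration.

```python
import math
import string

# Assumed character classes for a haystack-style estimate:
# 26 lowercase, 26 uppercase, 10 digits, 33 symbols (ASCII punctuation + space).
CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
]

def alphabet_size(password):
    """Size of the alphabet a blind brute-force search must cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def haystack_bits(password):
    """log2 of the number of strings of length 1..n over that alphabet.

    This is an upper bound that only holds against blind brute force; a
    human-chosen password usually falls to dictionary and pattern guessing
    long before the whole space is searched.
    """
    a, n = alphabet_size(password), len(password)
    if a == 0 or n == 0:
        return 0.0
    return math.log2(sum(a ** k for k in range(1, n + 1)))

def passphrase_bits(wordlist_size, words):
    """Entropy of `words` words drawn uniformly at random from a word list.

    Holds even if the attacker knows the list, but only when the words are
    picked at random rather than by the user.
    """
    if wordlist_size < 2 or words < 1:
        raise ValueError("need at least 2 list entries and 1 word")
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the slides.
    for pw in ["password", "Tr0ub4dor&3", "D0g" + "." * 21]:
        print(f"{pw!r:28} alphabet={alphabet_size(pw):3d} "
              f"brute-force space ~ 2^{haystack_bits(pw):.1f}")
    # Assumed list size: 2048 words (11 bits per word).
    for n in (4, 5, 6):
        print(f"{n} random words from 2048: {passphrase_bits(2048, n):.0f} bits")
```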
An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them.
Enhancements for traditional alphanumeric passwords. Replacements for traditional Alphanumeric Passwords.
Enhancements for traditional alphanumeric passwords:
• enhanced password creation mechanisms
• password storage and management systems
• single sign-on systems
• secondary identity verification
Replacements for traditional alphanumeric passwords:
• one-time password systems
• token-based and tokenless (email, SMS)
• certificate-based
• biometrics
Enhancements and replacements for traditional alphanumeric passwords are compared on:
• How easy to use
• How easy to implement
• How secure
• How versatile
Replacement: One-time password
• Not easy to use (requires a token)
• Not easy to implement (requires back-end authentication infrastructure)
• Not easy to share
Replacement: Certificate-based (smart cards and computer certificates)
• Not easy to use (requires a smart card)
• Significantly more overhead
• Less versatile (requires a reader)
Replacement: Biometrics
• Difficult to implement (requires hardware and software at endpoints)
• Once forged, it is not easy to re-issue
• False negatives
• Not versatile (requires additional hardware)
Replacement: Non-alphanumeric
• Graphical passwords are not easy to enter
• More difficult to implement (many require back-end authentication)
• Most require an agent installed on each machine
• Other such difficulties
Enhancement: Password creation mechanism
• Algorithms to derive passwords (slower)
• Not friendly
Enhancement: Password storage and management
• Single point of failure
• Difficult to use (requires a form filler on the user's side)
• More difficult to implement
• Needs updating
Enhancement: Single sign-on
• Single point of failure
• Requires additional administrative work
• Not versatile (systems must provide a single sign-on standard)
CONCLUSION: Properly picked traditional alphanumeric passwords currently work better than any of the other available options?