This presentation explores the challenges and considerations in managing passwords for multiple accounts, including the trade-off between security and usability. Topics covered include password rules, offline and online attacks, additional authentication factors, and user behaviour.
Password Management for Multiple Accounts
Some Security and Usability Considerations
Mike Just
DIMACS Workshop on Usable Privacy and Security Software
7 July 2004

Agenda
• Introduction
• Background – Password for One Account
• Passwords for Multiple Accounts
• Further Thoughts
Introduction
• Premise – Passwords are too secure already
  • Several conditions lead to an unusable or intolerable environment for users
• Password conditions
  • For a single password
    • Password rules, length, …
  • For multiple passwords across several accounts
    • Distinctiveness requirement/recommendation
• How can usability be improved while retaining an acceptable level of risk?
Password for One Account
• Usability considerations
  • Password length, e.g. 4-8 characters
  • Password construction, e.g. 1 letter, 1 number, …
  • Password entering, e.g. allowed attempts
  • Password management, e.g. update
• Attack considerations
  • Offline attacks
  • Online attacks

Password for One Account
• Offline attacks
  • Encryption of password images
  • Distribution of password images, cf. Ford/Kaliski
• Online attacks
  • Password rules
  • Account lockout
  • Reverse Turing Tests (CAPTCHA)
• But, you also have to consider
  • Social engineering (e.g. phishing) attacks or other attacks directed at the user (and not the account system)

Password for One Account
• Enhance with “something you have”
  • One-time passwords
  • Hard tokens, e.g. SecurID, SmartCard
• In most cases, this requires a different “something you have” for each account
  • Typically issued and managed through the information provider
  • Compounds password usability issues across each account

Passwords for Multiple Accounts
• Consider a user with multiple accounts, each requiring password authentication
• Traditional wisdom dictates a distinct password for each account
• Is this necessary? Why or why not?
Passwords for Multiple Accounts
• This is often a recommendation, as opposed to a mandatory requirement
  • Different accounts are managed by different authorities
• Distinct versus independent passwords
  • Difficult to enforce independent passwords; see above
  • Even with the same authority, password values are not typically compared
Passwords for Multiple Accounts
• When might the same password be used at different accounts?
  • A risk management decision
• Some considerations
  • Type of attack(s)
  • Typical behaviour of account user
  • Account security or risk
  • Additional authentication factors

Passwords for Multiple Accounts – Type of Attack(s)
• Consider online attacks
  • Though social engineering attacks remain a concern
• Random versus targeted attacks
  • Random: An attack to compromise any account
  • Targeted: An attack to compromise a specific account
• Targeted attacks might be discouraged with a number of security measures
  • Account lockout after some number of login attempts
  • Login monitoring systems to detect persistent failed attempts against one account
Passwords for Multiple Accounts – Type of Attack(s)
• Assuming that random attacks occur most often, the likelihood of the attack being extended to other account systems (for the same compromised user) may be low
  • Is there much motivation to attack that same user at a different account system?
  • The attacker would have to know the location of other account systems where the same user is registered
  • The attacker would have to know the account names
• So, password re-use might be OK in some cases
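As an added illustration of the lockout and login-monitoring measures and of the random versus targeted distinction on the preceding slides (example code, not part of the original slides), the following Python classifies failed-login patterns in constructed sample log lines: a source hammering one account past the lockout threshold is flagged as targeted, while a source spreading single guesses across many accounts, which lockout alone never trips, is flagged as random. The log format, thresholds and addresses are assumptions.

```python
# Added example (not from the slides): detect targeted versus random online
# password guessing from constructed auth log lines and apply an assumed lockout rule.
from collections import Counter, defaultdict

LOCKOUT_THRESHOLD = 3    # assumed policy: lock an account after 3 failed logins
RANDOM_MIN_ACCOUNTS = 3  # assumed: one source failing on 3+ accounts is spraying

# Constructed sample log; fields: time account result source
SAMPLE_LOG = """
08:00:01 alice FAIL 198.51.100.7
08:00:02 alice FAIL 198.51.100.7
08:00:03 alice FAIL 198.51.100.7
08:00:06 bob   FAIL 203.0.113.9
08:00:07 carol FAIL 203.0.113.9
08:00:08 dave  FAIL 203.0.113.9
08:00:09 frank FAIL 192.0.2.5
08:00:10 frank OK   192.0.2.5
"""

def parse_log(text):
    """One dict per well-formed line; blank or malformed lines are skipped."""
    rows = (ln.split() for ln in text.splitlines())
    return [{"account": acct, "failed": res != "OK", "source": src}
            for _, acct, res, src in (r for r in rows if len(r) == 4)]

def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts whose failure count reaches the lockout threshold (targeted case)."""
    fails = Counter(e["account"] for e in events if e["failed"])
    return sorted(acct for acct, n in fails.items() if n >= threshold)

def classify_sources(events):
    """Per source address: 'targeted' (one account hammered past the lockout
    threshold), 'random' (single guesses spread over many accounts, each
    staying under lockout) or 'benign' (e.g. a user mistyping once)."""
    per_source = defaultdict(Counter)
    for e in events:
        if e["failed"]:
            per_source[e["source"]][e["account"]] += 1
    verdicts = {}
    for src, counts in per_source.items():
        if max(counts.values()) >= LOCKOUT_THRESHOLD:
            verdicts[src] = "targeted"   # per-account lockout and monitoring catch this
        elif len(counts) >= RANDOM_MIN_ACCOUNTS:
            verdicts[src] = "random"     # only visible when counting per source
        else:
            verdicts[src] = "benign"
    return verdicts
```

Per-account lockout only sees the first case; the second only shows up when failures are also counted per source, which is why the slide pairs lockout with a monitoring system.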
Passwords for Multiple Accounts – User Behaviour
• A “separation” between multiple accounts based upon user behaviour
  • Consistently accessing accounts from different locations
    • Often forced today, e.g. no personal account access from work
  • Distinct account identifiers
    • Create account separation, but also confusion
  • Physical and digital separation of account information regarding multiple accounts
• Can reduce risk of multiple account compromise
Passwords for Multiple Accounts – Account Security or Risk
• Often cited reason for distinct passwords
  • Work account versus magazine subscription
• Don’t create a “weak link” by using the password for a high-risk account at an account that may not have similar security protections
• Previous conditions may help reduce this risk

Passwords for Multiple Accounts – Additional Authentication Factors
• Multiple authentication factors should be independent
  • Compromise of one should not increase the likelihood of compromising the other
• Similarly, using the same password across multiple accounts, with different secondary authentication factors, introduces additional risk
  • Compromising the password at account A, and the token for account B, shouldn’t allow compromise of either account
  • But, if the passwords for A and B are the same…
• However, such additional risk may be tolerable
Passwords for Multiple Accounts – Summary
• Some potential for password re-use
  • Attack type
    • Increase protection against targeted attacks
  • User behaviour
    • Separate behavioural patterns and records
  • Account security or risk
    • Ensure separation amongst different account risk groups
    • But, based on factors above, this might be lessened somewhat
  • Additional authentication factors
    • Reduce potential burden in case of additional factor

Further Thoughts
• What about the necessity of password updates?
  • Multiple passwords over time, as opposed to space
  • Memorize new, forget old
  • Are other protections sufficient, e.g. “Last login time:”?
• What about the necessity of strict password rules?
  • 1 uppercase, 1 special character, …
  • Can risks of random or targeted online attacks be sufficiently mitigated?
  • Do additional factors allow for leniency?

Contact Information
Mike Just
Public Works and Government Services Canada (PWGSC)
mike.just@pwgsc.gc.ca
+1–613–952–6031
Carleton University, School of Computer Science
http://www.scs.carleton.ca/~just/