Problems With Centralized Passwords Dartmouth College PKI Lab.


1 Problems With Centralized Passwords
Dartmouth College PKI Lab

2 Managing the Multitude: User Perspective
Users HATE username/passwords.
Too many for them to manage:
– Re-use the same password
– Use weak (easy to remember) passwords
– Rely on “remember my password” crutches
Forgotten password help desk calls cost $25 - $200 (IDC) and are far too common.
As we put more services online, it just gets worse…

3 Managing the Multitude: Admin Perspective
Many different username/password schemes to learn, set up, and administer:
– Backups, password resets, revoking access, initial password values, etc.
Multiple administrators have access to usernames/passwords – many points of failure.

4 Ending the Madness
Traditional approaches:
– Single password
– Single sign-on, fewer sign-ons
PKI:
– Local password management by the end user
– Two factor authentication

5 Single Password
Users like it, but…
Requires synchronizing passwords (inherently problematic) – actually makes the admin madness worse!
A single username/password becomes a single point of failure… Hack the weakest application and get passwords to all applications!
Costly to maintain and difficult to make work well.

6 Single Sign-on, Fewer Sign-ons
More secure and provides some relief for users, but…
Requires infrastructure (e.g. WebISO or Kerberos sidecar).
Fewer sign-ons still has synchronization problems.
Single sign-on solutions are for web applications only.
Kerberos sidecar has problems with address translation and firewalls and is not widely supported.

7 Password Sharing
Corrupts the value of username/password for authentication and authorization.
Users do share passwords: a PKI Lab survey of 171 undergraduates revealed that 75% of them shared their password and fewer than half of those changed it after sharing.
We need two factor authentication to address password sharing.

8 All Your Eggs in One Basket
Traditional username/password authentication requires access to the password database from network servers or an authentication server:
– Bad guys have network access and can use it to crack individual accounts or, worse, get many or all passwords in one grand hack. How would you like to have to notify thousands of users to satisfy FERPA requirements when their accounts are breached? This has happened!
– Multiple (possibly many) system administrators have access to user passwords.
Traditional Single Sign-on or Fewer Sign-on means that once a username/password is compromised, access to multiple services is compromised.

9 PKI’s Answer to Password Woes
Users manage their own (single or few) passwords.
Two factor authentication.
Widely supported alternative for authentication to all sorts of applications (both web-based and otherwise).

10 PKI Passwords Are Local to Client
PKI can eliminate user passwords on network servers.
The password to PKI credentials is local, in the application key store or in a hardware token.
The user manages the password and only has one per set of credentials (likely only one or two).
Still need a process for forgotten passwords, but it is only one for all applications using PKI authentication, and users are much less likely to forget it since they use it frequently and control it themselves.

11 PKI Enables Single Password and Single Sign-on
The user maintains the password on their credentials.
PKI credentials authenticate the user to the various services they use via PKI standards.
No need for password synchronization.
No additional infrastructure other than standard PKI and simple, standard hooks for PKI authentication in applications.
Typically less effort to enable PKI authentication than other SSO methods.

12 PKI Provides Two Factor Authentication
Requires something the user has (credentials stored in the application or on a smartcard or token) in addition to something the user knows (the local password for the credentials).
Significant security improvement, especially with a smartcard or token (a post-it next to the screen is no longer a major security hole).
Reduces the risk of password sharing.
