Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords Mahmoud Abaza and Brent Hunter School of Computing and Information Systems,

Published byAnnabella Peavey Modified over 10 years ago

Similar presentations

Presentation on theme: "An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords Mahmoud Abaza and Brent Hunter School of Computing and Information Systems,"— Presentation transcript:

1 An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords Mahmoud Abaza and Brent Hunter School of Computing and Information Systems, Athabasca University mahmouda@athabascau.ca

2 Alphanumeric Passwords: easy to implement, easy to use, and versatile.

3 Weakness of Alphanumeric Passwords : users use weak passwords.

4 Example ideas to overcome weakness of Alphanumeric Passwords: password haystacks system (Gibson) system of using 4 or more unrelated dictionary words (Munroe)

5 An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them

6 Enhancements for traditional alphanumeric passwords. Replacements for traditional Alphanumeric Passwords.

7 Enhancements for traditional alphanumeric passwords.. enhanced password creation mechanisms, password storage and management systems single sign on systems, secondary identity verification

8 Replacements for Traditional Alphanumeric Passwords. one-time password systems Token-Based, and Tokenless (email, SMS) Certificate-based. Biometrics.

9 Enhancements for traditional alphanumeric passwords & Replacements for traditional Alphanumeric Passwords. How easy to use How easy to implement How secure How versatile.

10 Replacement: One-Time password Not Easy to use (requires a token) Not easy to implement(requires back- end authentication infrastructure) Not easy to share.

11 Replacement: Certificate based (smart cards and computer certificate) Not Easy to use (requires a smart card) Significantly more overhead. Less versatile (requires a reader).

12 Replacement: Biometrics. Difficult to implement (requires hw and sw at endpoints) Once forged, it is not easy to re-issue. False negatives. Not versatile (require additional hw.)

13 Replacement: Non-alphanumeric. Graphical passwords are not easy to enter More difficult o implement (many require backend authentication). Most require agent installed on each machine. Other such difficulties.

14 Enhancement: Password creation mechanism. Algorithms to derive passwords (slower). Not friendly.

15 Enhancement: Password storage and management. Single point failure. Difficult to use (requires form filler on the users side) More difficult to implement. Needs updating.

16 Enhancement: Single Sign On. Single point failure. Requires additional administrative work. Not versatile (Systems must provide single sign on standard).

17 Properly picked traditional alphanumeric passwords currently work better than any of the other available options?????

18 CONCLUSION Properly picked traditional alphanumeric passwords currently work better than any of the other available options?????

Download ppt "An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords Mahmoud Abaza and Brent Hunter School of Computing and Information Systems,"

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Single Sign-On (SSO) Single Sign-On (SSO) Strong Authentication.

Single Sign-On (SSO) Single Sign-On (SSO) Strong Authentication.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
European Electronic Identity Practices Country Update of …………… Speaker: Date:

European Electronic Identity Practices Country Update of …………… Speaker: Date:
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Access Control Methodologies

Access Control Methodologies
Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.

Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.

IPhone Security: Understanding the KeyChain Nicholis Bufmack and Ryan Thomas CS 691 Summer 2009.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Marjie Rodrigues 411154.

Marjie Rodrigues

Similar presentations

Ads by Google