One-Time Passwords
By Anthony McDougle and Loren Klingman

Why Use One-Time Passwords?
• The average user does not have secure passwords
  ◦ Simple passwords
  ◦ Reusing the same password
  ◦ Never changing their password
• Can add security when used as an additional level of authentication

What Are One-Time Passwords?
• A new password is generated at each use
• The password expires after one use and cannot be used again
  ◦ Cannot be re-used by an interceptor

Who Uses One-Time Passwords
• Facebook
  ◦ Optional method of logging into public PCs
  ◦ Generated password is delivered via text message
• Google
  ◦ Multi-factor authentication, using standard passwords & a one-time password in order to log in
• Among many others!

How It Works
• Time-Generated on Server & Client
  ◦ Requires Synchronization
• “Seeded” Algorithm
  ◦ One-way hash function
• Passwords generated and sent to the user
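
An added example, not from the slides: a time-generated code derived from a shared seed with a one-way function, checked by a server that tolerates small clock drift and refuses a code already used. It assumes the standard HOTP/TOTP construction (RFC 4226 / RFC 6238), which the slides do not name; the seed is the RFC test key and `Verifier` is a hypothetical name.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step; client and server must agree on it
DIGITS = 6    # length of the displayed code


def hotp(secret: bytes, counter: int) -> str:
    """One-way function: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: float) -> str:
    """Client side: derive the code from the shared seed and the current step."""
    return hotp(secret, int(now) // STEP)


class Verifier:
    """Server side: accept small clock drift, accept each time step only once."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # steps of drift tolerated on either side
        self.last_used = -1       # highest time step already consumed

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        first = max(0, current - self.window)
        for step in range(first, current + self.window + 1):
            if step <= self.last_used:
                continue          # step already spent: a replayed code fails
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_used = step
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"   # constructed sample seed (RFC test key)
    server = Verifier(seed)
    code = totp(seed, now=59)
    print(code, server.verify(code, now=59))   # first use is accepted
    print(server.verify(code, now=60))         # same code replayed
    print(server.verify(code, now=200))        # outside the drift window
```
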

Password Distribution
• Mobile Phone App
• Token-Generating Device
• Text Message or E-mail
  ◦ Cheapest, but least secure
• Printed on Paper & Given to User

Multi-Factor Authentication
• When a system uses multiple levels and methods of authentication
• Categories of authentication
  ◦ Something you are (biometrics)
  ◦ Something you have (phone, computer)
  ◦ Something you know (standard password)
• Can be as simple as having a standard password and a generated one-time password for logins

Benefits
• Passwords cannot be stolen by traffic-sniffers and key loggers
• Passwords cannot be cracked by traditional methods
• Not very susceptible to phishing attempts/non-secure users
• Passwords are, in theory, not re-usable
  ◦ Stolen passwords are useless

Vulnerabilities
• Theft of the password-generator or a list of valid passwords is still a possibility
• Cracking the password-generation algorithm
• In cases of SMS/e-mail/other messaging, the service provider in the middle must prevent interception
• Malware that can trick a user into giving up a password before its use

Other Pros & Cons
• One-time passwords are generally safer than regular passwords
• May be too much
  ◦ Too many prompts can frustrate users
• Cost money to implement but often cheaper than other methods such as biometrics

Conclusion
• One-time passwords are a much safer alternative
  ◦ Thwart key loggers, traffic sniffers, phishers
• One-time passwords still have vulnerabilities, though they are harder to crack
• Deciding on the password system depends on the company and the security measures necessary
  ◦ Different systems may be more cost-effective depending on the need
  ◦ Find a balance between cost, simplicity, and security