
The Problem with passwords

Passwords are by far the most widely used method of user authentication. However, a password authenticates only a string of characters: the server verifies that whoever is typing knows the correct string, but it does not authenticate the person entering it.

Since they are the least expensive to implement, most systems rely on passwords to authenticate users. But are the savings worth the risk?

Security considerations

The level of password strength required depends, in part, on how easy it is for an attacker to submit multiple guesses. Some systems limit the number of times a user can enter an incorrect password before a delay is imposed or the account is frozen. At the other extreme, some systems make available a specially hashed version of the password, so anyone can check a guess against it. When this is done, an attacker can try passwords very rapidly, and much stronger passwords are necessary for reasonable security. Stricter requirements are also appropriate for accounts with higher privileges, such as root or system administrator accounts.
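The trade-off described above can be put in numbers. The following is an added example, not part of the original page or of the MatchLogon product: it models how the attacker's guess rate (throttled online, unthrottled online, or offline against a hash that can be checked at will) determines how many bits of password entropy are needed to survive a given time horizon. The guess rates, the 5-attempts-then-15-minute lockout policy and the one-year horizon are constructed assumptions for illustration.

```python
"""Password strength needed as a function of the attacker's guess rate."""
import math

SECONDS_PER_YEAR = 365.25 * 86400


def random_password_bits(length, alphabet_size):
    """Entropy (bits) of a uniformly random password of this length and alphabet."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(entropy_bits, guesses_per_second):
    """Time for an attacker to try every password of the given entropy."""
    return 2.0 ** entropy_bits / guesses_per_second


def bits_needed(guesses_per_second, horizon_seconds):
    """Smallest whole number of entropy bits whose full search outlasts the horizon."""
    return math.ceil(math.log2(guesses_per_second * horizon_seconds))


def throttled_guess_rate(attempts_before_lockout, lockout_seconds):
    """Sustained online guess rate once a lockout policy is applied:
    at most `attempts_before_lockout` guesses per lockout window."""
    return attempts_before_lockout / lockout_seconds


# Constructed scenarios (assumed rates, not measurements)
ONLINE_THROTTLED = throttled_guess_rate(5, 15 * 60)  # 5 tries, then a 15 minute freeze
ONLINE_UNTHROTTLED = 100.0                           # no lockout, limited only by the network
OFFLINE_FAST_HASH = 1e9                              # leaked, fast-to-check password hash


def compare_scenarios(horizon_seconds=SECONDS_PER_YEAR):
    """Entropy required so that exhausting the keyspace takes at least the horizon."""
    return {
        "online_throttled": bits_needed(ONLINE_THROTTLED, horizon_seconds),
        "online_unthrottled": bits_needed(ONLINE_UNTHROTTLED, horizon_seconds),
        "offline_fast_hash": bits_needed(OFFLINE_FAST_HASH, horizon_seconds),
    }


if __name__ == "__main__":
    for scenario, bits in compare_scenarios().items():
        print(f"{scenario:>20}: {bits} bits to resist one year of guessing")
    # A random 8 character alphanumeric password has about 47.6 bits;
    # that is plenty against the throttled online case and far too little offline.
    print("8 alnum chars:", round(random_password_bits(8, 62), 1), "bits")
    print("12 alnum chars:", round(random_password_bits(12, 62), 1), "bits")
```

Under these assumptions a lockout policy lowers the strength needed by a factor of billions compared with an offline attack on a leaked hash, which is the paragraph's point: the required policy follows from how fast guesses can be checked, not from password rules in the abstract.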

Password Policies

Password policies are usually a tradeoff between theoretical security and the practicalities of human behavior. For example:

  • Requiring excessively complex passwords and forcing them to be changed frequently can cause users to write passwords down in places that are easy for an intruder to find, such as a Rolodex or post-it note near the computer.

  • Users often have dozens of passwords to manage. It may be more realistic to recommend a single password be used for all low security applications, such as reading on-line newspapers and accessing entertainment web sites.

  • Similarly, demanding that users never write down their passwords may be unrealistic and lead users to choose weak ones. An alternative is to suggest keeping written passwords in a secure place, such as a safe or an encrypted master file.

  • Requiring special characters can also be a problem, since they are hard to memorise.

A very general password policy would look into several factors, including:

  • Human factors: How human behaviour affects password management.

  • Composition rules: Recommended rules for composing an acceptable password.

  • Changing and reusing passwords: Reasons and recommendations for periodic password changes, and for not recycling old passwords.

  • Secrecy: The need for keeping passwords secret, and recommended practices.

  • Intruder detection: Detecting and responding to security attacks.

  • Encryption: Using encryption to protect passwords in storage and in transit.

  • Synchronization: Reasons for and risks with keeping passwords on different systems the same.

  • User support: Password problems encountered by users, and how to securely resolve them.
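Several of these factors (composition rules, changing and reusing passwords, and protection of stored passwords) can be enforced by the system rather than left to the user. The following is an added example and is not code from the original page or from the MatchLogon product. It checks a candidate password against composition rules, refuses any of the last five passwords by comparing against their stored salted hashes, expires the current password after 90 days, and verifies logins with a constant-time comparison. The policy parameters (12 characters, three of four character classes, five-deep history, 90 days, PBKDF2 round count) are constructed assumptions.

```python
"""Password policy enforcement: composition, reuse history, expiry."""
import hashlib
import hmac
import os
import string

# Policy parameters (constructed for this example; adjust to your own policy)
MIN_LENGTH = 12
MIN_CLASSES = 3              # of the four character classes below
HISTORY_DEPTH = 5            # previous passwords that may not be reused
MAX_AGE_SECONDS = 90 * 86400
PBKDF2_ROUNDS = 100_000

CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def composition_errors(password):
    """Return the list of composition rules the candidate password breaks."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, chars in CHARACTER_CLASSES.items()
               if any(c in chars for c in password)]
    if len(present) < MIN_CLASSES:
        errors.append(f"uses only {len(present)} of {MIN_CLASSES} required character classes")
    return errors


def hash_password(password, salt):
    """Salted, stretched digest; only this (never the password) is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self):
        # Newest entry last: (salt, digest, set_at_epoch_seconds)
        self.history = []

    def is_expired(self, now):
        """True when no password is set or the current one is older than MAX_AGE_SECONDS."""
        if not self.history:
            return True
        return now - self.history[-1][2] > MAX_AGE_SECONDS

    def _was_used_recently(self, candidate):
        # Re-hash the candidate under each stored salt; old passwords are never kept in clear.
        for salt, digest, _ in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                return True
        return False

    def change_password(self, candidate, now):
        """Apply the policy; return the list of violations (empty on success)."""
        errors = composition_errors(candidate)
        if self._was_used_recently(candidate):
            errors.append(f"matches one of the last {HISTORY_DEPTH} passwords")
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append((salt, hash_password(candidate, salt), now))
        return []

    def verify(self, candidate, now):
        """Login check: the current password must match and must not be expired."""
        if self.is_expired(now):
            return False
        salt, digest, _ = self.history[-1]
        return hmac.compare_digest(hash_password(candidate, salt), digest)
```

Time is passed in as epoch seconds so the expiry logic can be exercised without a clock. An expired password fails verification outright here; a real system would instead route the user into a forced change, which is where the user-support and intruder-lockout issues described later on this page arise.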

 

Password policies often include advice on proper password management such as:

  • never sharing a computer account

  • never using the same password for more than one account

  • never telling a password to anyone, including people who claim to be from customer service or security

  • never writing down a password

  • never communicating a password by telephone, e-mail or instant messaging

  • being careful to log off before leaving a computer unattended

  • changing passwords whenever there is suspicion they may have been compromised

Are all the above possible given human tendencies?

 

Common unintentional issues

Whichever policy is chosen, a business problem arises whenever users have difficulty using their primary authentication method. Problems include:

1. Forgotten passwords

2. Inadvertently triggered intruder lockouts

3. Expired passwords


Copyright © 2007 DNP Global