Practical Solutions, Inc. - Your source for Technology, Solutions, and Services
PSI - Your source for Document Management, Workflow, and Information Security


Technical Bulletins - Authentication 101

Password
Passwords are the most common form of authentication today. Conservative estimates show that there are close to a billion password-based authentications per day.

Users must remember an ever-increasing number of identity and password combinations.

Some problems with passwords include:

Access to user passwords by system administrators - Some system administrators keep assigned passwords written down for quick access when a user forgets their own password. This destroys the whole element of nonrepudiation, because an action taken under the account can no longer be attributed to the user alone.

Risk of undetected theft - Passwords can be stolen without the knowledge of the user. Similarly, a user can unknowingly disclose a password to someone who eavesdrops, uses persuasion, poses as a system administrator, etc. Loss of a password can only be discovered by detecting its misuse or finding it in the possession of an unauthorized user.

Risk of undetected sharing - Passwords can be easily shared. Current systems can create situations where a secretary will use their boss's passwords to read e-mails. However, reading the boss's e-mail should be possible without allowing the secretary to send e-mail under the boss's identity. A proxy implementation would allow secretaries to answer their boss's e-mail while signing the replies with their own names.

Risk of weakest link - Users tend to select the same password at multiple sites. Exposure of a user's password at a weak site can lead to the user's accounts being compromised at other sites. Unfortunately, there is also no technical way to prevent users from selecting the same passwords at multiple sites.

Risk of guessing - A password can be guessed from personal knowledge, tendencies and other easily obtainable information.

Risk of dictionary/brute force attack - Passwords can be exhaustively searched by utilizing a dictionary or brute force attack to try every possible combination of typeable letters.

Risk of password replay - If a password is transmitted from client to server or even keyboard to terminal, it is possible to intercept and record this information.

Risk of server spoofing - A decoy web site or application can copy the look and feel of a legitimate one to establish confidence and obtain passwords from a user.

Risk of password reuse - The requirement to change passwords with some frequency is understood, but the right frequency is not. Forcing users to change passwords more frequently could actually lead to less security rather than more.
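
The difference behind the password replay item above, as an added example that is not part of the original bulletin: a static password recorded once is accepted again, while a response tied to a single-use server challenge is not. The Server class, respond() and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy verifier for one user; the shared secret is a constructed sample."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # challenges issued and not yet answered

    def login_static(self, sent: bytes) -> bool:
        # Scheme 1: the same bytes are sent on every login.
        return hmac.compare_digest(sent, self._secret)

    def new_challenge(self) -> bytes:
        # Scheme 2: a fresh random challenge per login attempt.
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login_challenge(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(nonce)  # each challenge is single use
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo() -> dict:
    secret = b"constructed-sample-password"
    server = Server(secret)
    # Static scheme: bytes recorded from one login are valid for the next.
    recorded_static = secret
    static_replay = server.login_static(recorded_static)
    # Challenge-response: record one exchange, then present it again.
    nonce = server.new_challenge()
    recorded = respond(secret, nonce)
    first = server.login_challenge(nonce, recorded)
    same = server.login_challenge(nonce, recorded)
    fresh = server.login_challenge(server.new_challenge(), recorded)
    return {"static_replay": static_replay, "cr_first": first,
            "cr_replay_same_nonce": same, "cr_replay_new_nonce": fresh}
```

A recorded challenge and response still give an eavesdropper material for the dictionary or brute force search listed above, so this addresses replay only.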


Last modified: October 24, 2003

Copyright © Practical Solutions, Inc.