Skip to main content

Essay main body

The most popular authentication technique is entering a user name with a password However, majority of passwords are weak: easy to remember, thus, easier for dictionary and rainbow table attacks, since they consist of words and not of random symbols (Evans, 2018). Nonetheless, passwords have a list of advantages: they do not require a physical token; they are easy to learn, it is easy to understand how passwords work; and can be used on all platforms. Main disadvantages of passwords are: memorising effort, threat of physical observation, threat of phishing, threat of dictionary or rainbow table attacks (Bonneau et al., 2012).

 

There are three main approaches to authentication: to use the information user keeps in memory, for example password, pass phrase; to use a physical object, for instance plastic card, mobile phone; to use user’s behaviour or biometrical data, such as fingerprint, face scanning. However, such approaches are only more secure if they are combined together (Febrache, 2016). This is referred to as two/three factor authentication, for example an online payment, when bank sends user a code in SMS before the transaction is made, though user has entered the details of the physical token or banking card. Such approach guaranties higher level of security.

 

Some popular alternatives to passwords are graphical passwords, biometrical authentication, using password managers (Bošnjak and Brumen, 2019). Graphical passwords are considered to be easier to remember and to reduce memorizing effort. However, it requires more storage space and more time to authenticate. Moreover, graphical passwords are still weak against dictionary and brute-force attacks (Suo et al., 2005). Biometrical authentication is easy-to-use, and it eliminates the need to memorize information. However, the most concerning problems are possible data breaches that may lead to reidentification of users and deployment challenges. Most platforms are not able to implement and use biometrical authentication yet (Bošnjak and Brumen, 2019). Password managers minimise memorizing effort but suffer from lack of deployability, that affects convenience of use. Furthermore, using password managers either restricts user to one device or to one particular service. Moreover, it makes a user use a third party which may have that security implications (Bošnjak and Brumen, 2019).

Reference:

Bonneau, J. et al. (2012) ‘The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes’, in. 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA: IEEE. doi:10.1109/SP.2012.44.

Bošnjak, L. and Brumen, B. (2019) ‘Rejecting the death of passwords: Advice for the future’, Computer Science and Information Systems, 16(1), pp. 313–332. Available at: https://doi.org/10.2298/CSIS180328016B (Accessed: 27 October 2021).

Evans, L. (2018) Cybersecurity: What do you need to know about computer and Cyber Securuty, Social Engineering, The Internet of things + An Essential guide to ethical hacking for begginers.

Febrache, D. (2016) ‘Passwords are broken – the future shape of biometrics’, Biometric Technology Today, 2016(3), pp. 5–7. Available at: https://www.sciencedirect.com/science/article/pii/S0969476516300492 (Accessed: 27 October 2021).

Suo, X., Zhu, Y. and Owen, G.S. (2005) ‘Graphical passwords: a survey’, in. 21st Annual Computer Security Applications Conference, Tucson, AZ, USA: IEEE. doi:10.1109/CSAC.2005.27.

Comments

  1. Carrie MansfieldNovember 5, 2021 at 2:54 AM

    A good range of references and topics covered for the password use and development of other authentication options. Be careful about using too many citations in your essay as you need to give space for your response to the research. You could use footnotes if you are worried about word count to give additional information without impacting on the word count total. For hints and tips on footnotes check this out: https://www.scribendi.com/academy/articles/what_are_footnotes.en.html

    ReplyDelete
    Replies
    1. UnknownNovember 5, 2021 at 3:24 AM

      Thank you, I have never heard about footnotes before :)
      I will take a look and implement it in my works

      Delete

Post a Comment

Popular posts from this blog

Software review: Hashcat

In the following blogpost the way I used software called hashcat in my project is described. The example of using this software for dictionary attack is demonstrated. In my work I used information provided by Tavarez (2020) .   According to Porup (2020) hashcat is one of the most popular password crackers all around the world. Moreover, hashcat is included in the list of basic tools in Kali linux – linux distribution widely used by cybersecurity specialists. I installed Kali linux virtual machine in order to use this program and to show the example of a dictionary attack (Author's screenshot) However, before looking at the examples of using hashcat on practise, it is useful to understand in which areas hashcat is using. In plain words, hashcat is a password guesser which includes a number of features and pre-installed functionalities for cracking passwords by penetrating brute-force and dictionary attacks. The way it works is not too sophisticated, it hashes considerable numbe...
1 comment
Read more

Major project theme

Every person has heard about how important it is to have a well-built strong password. An essential number of people would agree that password hygiene is as important as the personal hygiene is, since violation of first may lead to much more serious consequences. However, the statistics show that 59% of users use their names and dates of birth as their passwords, 43% shared their passwords with other people and only 45% would change a password after a breach (O’Driscoll, 2020). The aim of this post is to show how to create strong passwords. It is necessary to know how passwords are cracked in order to properly understand what password can be referred as strong one. There are to ways to execute an attack: online and offline.  Online attack is done by trying different passwords one by one through a normal log in process. Usually, such attacks are unsuccessful since they are easy to detect and block if necessary (Burnett and Kleiman, 2006).  I think everybody encountered situatio...
2 comments
Read more