
Alternatives to password authentication technique (Research essay)

The common belief is that passwords have become the weakest link in the modern security chain (Febrache, 2016). Several years of research have concluded that passwords have fundamental security problems and may frustrate a considerable number of users (Bonneau et al., 2012). The aim of this essay is to review existing authentication techniques, evaluate their main differences and demonstrate the importance of password authentication in the near future.

 

The most popular authentication technique is entering a user name with a password. However, the majority of passwords are weak: they are easy to remember and therefore easier to recover through dictionary and rainbow table attacks, since they consist of words rather than random symbols (Evans, 2018). Nonetheless, passwords have a list of advantages: they do not require a physical token; they are easy to learn, since it is easy to understand how passwords work; and they can be used on all platforms. The main disadvantages of passwords are the memorising effort and the threats of physical observation, phishing, and dictionary or rainbow table attacks (Bonneau et al., 2012).

 

There are three main approaches to authentication: using information the user keeps in memory, for example a password or pass phrase; using a physical object, for instance a plastic card or mobile phone; and using the user’s behaviour or biometric data, such as a fingerprint or face scan. However, such approaches are only more secure if they are combined (Febrache, 2016). This is referred to as two- or three-factor authentication. An example is an online payment in which the bank sends the user a code by SMS before the transaction is made, even though the user has already entered the details of the physical token or banking card. Such an approach guarantees a higher level of security.

 

Some popular alternatives to passwords are graphical passwords, biometric authentication and password managers (Bošnjak and Brumen, 2019). Graphical passwords are considered easier to remember and reduce the memorising effort. However, they require more storage space and more time to authenticate. Moreover, graphical passwords are still weak against dictionary and brute-force attacks (Suo et al., 2005). Biometric authentication is easy to use, and it eliminates the need to memorise information. However, the most concerning problems are deployment challenges and possible data breaches that may lead to reidentification of users. Most platforms are not able to implement and use biometric authentication yet (Bošnjak and Brumen, 2019). Password managers minimise the memorising effort but suffer from a lack of deployability, which affects convenience of use. Furthermore, using a password manager restricts the user either to one device or to one particular service. Moreover, it makes the user rely on a third party, which may have security implications (Bošnjak and Brumen, 2019).

 

In summary, current alternatives to passwords do not seem to solve the security problem or to be ready to replace passwords in the near future. For instance, graphical passwords suffer from the same security threats as text passwords. However, the most common problem of alternative authentication approaches is low deployability. A number of devices cannot support biometric authentication, such as stationary desktops that have no webcam or other equipment beyond a keyboard and a mouse. The most effective way of authentication may be developed by combining different approaches to authentication and introducing two- and three-step verification, but ultimately passwords are here to stay.

 

References:

Bonneau, J. et al. (2012) ‘The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes’, in 2012 IEEE Symposium on Security and Privacy, San Francisco, CA, USA: IEEE. doi:10.1109/SP.2012.44.

 

Bošnjak, L. and Brumen, B. (2019) ‘Rejecting the death of passwords: Advice for the future’, Computer Science and Information Systems, 16(1), pp. 313–332. Available at: https://doi.org/10.2298/CSIS180328016B (Accessed: 27 October 2021).

 

Evans, L. (2018) Cybersecurity: What do you need to know about computer and Cyber Security, Social Engineering, The Internet of things + An Essential guide to ethical hacking for beginners.

 

Febrache, D. (2016) ‘Passwords are broken – the future shape of biometrics’, Biometric Technology Today, 2016(3), pp. 5–7. Available at: https://www.sciencedirect.com/science/article/pii/S0969476516300492 (Accessed: 27 October 2021).

 

Suo, X., Zhu, Y. and Owen, G.S. (2005) ‘Graphical passwords: a survey’, in 21st Annual Computer Security Applications Conference, Tucson, AZ, USA: IEEE. doi:10.1109/CSAC.2005.27.

Comments

  1. Good, well written essay with clear structure and research, I think there might be a bit too much citation here in the main body, but you summarise and conclude well with your own interpretation of the research.
    A few points of clarity needed:
    "and may frustrate a considerable part of users" the English here means that the meaning is not clear - does it frustrate a considerable number of users, rather than part, perhaps?
    Be careful where you place your in-text citations - make sure they are at the end of the whole piece paraphrased from the source and not midway through the sentence. Also be careful about overusing citation - there should be a balance of evidenced research and response from you to the content.
    "There is a number of devices" there "are" not is.

    Replies
    1. Thank you for your feedback! I have corrected the mistakes and uploaded a new version. Also, I put all citations at the end of sentences. Furthermore, I tried to deal with overusing citation and changed some sentences a bit to get rid of some in-text citations. I hope now the essay looks better(

