Page 1: One-Time Passwords

One-Time Passwords
By Anthony McDougle and Loren Klingman

Page 2: One-Time Passwords

The average user does not have secure passwords
  ◦ Simple passwords
  ◦ Reusing the same password
  ◦ Never changing their password

Can add security when used as an additional level of authentication

Why Use One-Time Passwords?

Page 3: One-Time Passwords

A new password is generated at each use

The password expires after one use and cannot be used again
  ◦ Cannot be re-used by an interceptor

What Are One-Time Passwords?

Page 4: One-Time Passwords

Facebook
  ◦ Optional method of logging into public PCs
  ◦ Generated password is delivered via text message

Google
  ◦ Multi-factor authentication, using standard passwords & a one-time password in order to log in

Among many others!

Who Uses One-Time Passwords

Page 5: One-Time Passwords

Time-Generated on Server & Client
  ◦ Requires Synchronization

“Seeded” Algorithm
  ◦ One-way hash function

Passwords generated and sent to the user

How It Works

Page 6: One-Time Passwords

Mobile Phone App

Token-Generating Device

Text Message or E-mail
  ◦ Cheapest, but least secure

Printed on Paper & Given to User

Password Distribution

Page 7: One-Time Passwords

When a system uses multiple levels and methods of authentication

Categories of authentication
  ◦ Something you are (biometrics)
  ◦ Something you have (phone, computer)
  ◦ Something you know (standard password)

Can be as simple as having a standard password and a generated one-time password for logins

Multi-Factor Authentication

Page 8: One-Time Passwords

Passwords cannot be stolen by traffic-sniffers and key loggers

Passwords cannot be cracked by traditional methods

Not very susceptible to phishing attempts/non-secure users

Passwords are, in theory, not re-usable
  ◦ Stolen passwords are useless

Benefits

Page 9: One-Time Passwords

Theft of the password-generator or a list of valid passwords is still a possibility

Cracking the password-generation algorithm

In cases of SMS/e-mail/other messaging, the service provider in the middle must prevent interception

Malware that can trick a user into giving up a password before its use

Vulnerabilities

Page 10: One-Time Passwords

One-time passwords are generally safer than regular passwords

May be too much
  ◦ Too many prompts can frustrate users

Costs money to implement, but is often cheaper than other methods such as biometrics

Other Pros & Cons

Page 11: One-Time Passwords

One-time passwords are a much safer alternative
  ◦ Thwart key loggers, traffic sniffers, phishers

One-time passwords still have vulnerabilities, though they are harder to crack

Deciding on the password system depends on the company and the security measures necessary
  ◦ Different systems may be more cost-effective depending on the need
  ◦ Find a balance between cost, simplicity, and security

Conclusion

