May 10, 2005
Password
Passwords are the most common form of authentication today. Conservative estimates show that there are close to a billion password-based authentications per day.

Users must remember an ever increasing number of identity and password combinations.

Some problems with passwords include:

Access to user passwords by system administrators - System administrators sometimes keep assigned passwords written down for quick access when a user forgets their own. This destroys nonrepudiation, because the user is no longer the only party who knows the password.

Risk of undetected theft - Passwords can be stolen without the knowledge of the user. Similarly, a user can unknowingly disclose a password through eavesdropping, persuasion, someone posing as a system administrator, etc. Loss of a password can only be discovered by detecting its misuse or by finding it in the possession of an unauthorized user.

Risk of undetected sharing - Passwords are easily shared. In current systems a secretary may use the boss's password to read e-mail. However, reading the boss's e-mail should be possible without allowing the secretary to send e-mail under the boss's identity. A proxy implementation would allow secretaries to answer their boss's e-mail while signing the replies with their own names.

Risk of weakest link - Users tend to select the same password at multiple sites. Exposure of a user's password at a weak site can lead to that user's accounts being compromised at other sites. Unfortunately, there is no technical way to prevent users from selecting the same password at multiple sites.

Risk of guessing - If a password can be guessed from personal knowledge, habits and other easily obtainable information, it will be compromised.

Risk of dictionary/brute force attack - Passwords can be exhaustively searched by using a dictionary, or by a brute force attack that tries every possible combination of typeable characters.

Risk of password replay - When a password is transmitted from client to server, or even from keyboard to terminal, it is possible to intercept and record it.

Risk of server spoofing - A decoy web site or application can copy the look and feel of a legitimate one to gain the user's confidence and obtain their password.

Risk of password reuse - The need to change passwords periodically is understood, but the right frequency is not. Forcing users to change passwords more often could actually lead to less security.
