
One-Time Passwords

By Anthony McDougle and Loren Klingman


Presentation Transcript


  1. One-Time Passwords By Anthony McDougle and Loren Klingman

  2. Why Use One-Time Passwords?
     • The average user does not have secure passwords
       • Simple passwords
       • Reusing the same password
       • Never changing their password
     • Can add security when used as an additional level of authentication

  3. What Are One-Time Passwords?
     • A new password is generated at each use
     • The password expires after one use and cannot be used again
     • Cannot be re-used by an interceptor

  4. Who Uses One-Time Passwords
     • Facebook
       • Optional method of logging into public PCs
       • Generated password is delivered via text message
     • Google
       • Multi-factor authentication, using standard passwords & a one-time password in order to log in
     • Among many others!

  5. How It Works
     • Time-Generated on Server & Client
       • Requires Synchronization
     • “Seeded” Algorithm
       • One-way hash function
     • Passwords generated and sent to the user

  6. Password Distribution
     • Mobile Phone App
     • Token-Generating Device
     • Text Message or E-mail
       • Cheapest, but least secure
     • Printed on Paper & Given to User

  7. Multi-Factor Authentication
     • When a system uses multiple levels and methods of authentication
     • Categories of authentication
       • Something you are (biometrics)
       • Something you have (phone, computer)
       • Something you know (standard password)
     • Can be as simple as having a standard password and a generated one-time password for log ins

  8. Benefits
     • Passwords cannot be stolen by traffic-sniffers and key loggers
     • Passwords cannot be cracked by traditional methods
     • Not very susceptible to phishing attempts/non-secure users
     • Passwords are, in theory, not re-usable
     • Stolen passwords are useless

  9. Vulnerabilities
     • Theft of the password-generator or a list of valid passwords is still a possibility
     • Cracking the password-generation algorithm
     • In cases of SMS/e-mail/other messaging, the service provider in the middle must prevent interception
     • Malware that can trick a user into giving up a password before its use

  10. Other Pros & Cons
     • One-time passwords are generally safer than regular passwords
     • May be too much
       • Too many prompts can frustrate users
     • Cost money to implement but often cheaper than other methods such as biometrics

  11. Conclusion
     • One-time passwords are a much safer alternative
       • Thwart key loggers, traffic sniffers, phishers
     • One-time passwords still have vulnerabilities, though they are harder to crack
     • Deciding on the password system depends on the company and the security measures necessary
       • Different systems may be more cost-effective depending on the need
     • Find a balance between cost, simplicity, and security
