Authentication Current Problems with Security Authentication

1
AuthenticationCurrent Problems with Security
Authentication
2

• Modern network computing environments provide
  employees with access to powerful applications,
  information accesses, and downloads from the
  Internet

3

• This introduces new security challenges for the
  Information Technology groups responsible for
  managing computer security.

4

• The interconnected and mobile nature of employee
  cyber workspaces
  
• The prevalence of evolving and increasingly
  malevolent viruses / worms
  
• Require Information Technology to be able to
  detect new threats and immediately react to them.

5
IT departments are desperately seeking better,
more proactive and preventive approaches to
security Specifically the accurate authenticati
on of the end users.
6
One of the major current problems with security
authentication
weak passwords
7
The sheer numbers of passwords encourage the
worst security practices

• In order to manage the volume of memory required,
  people will use names of loved ones and hobbies
  to form the bulk of passwords.
  
• Passwords tend to be the same for all systems,
  and numeric suffixes tend to be incremented to
  match the month or in monotonically increasing
  series.
• These habits diminish or destroy the strength and
  protection of the intended security.

8

• A recent survey on password security by Egg, the
  United Kingdom online bank, found that
  
• 41 of users choose their loved ones names for
  a password
  
• 12 use their birthday
• 9 use a football team, celebrity, or music band
  
  
• 9 use their favorite place
• 8 use their own name
• 8 use a pets name
• In other words, 87 of users use a guessable
  plain English password

9
The Egg report went on to examine why passwords
were not changed frequently

• 27 said it was because they did not like
  remembering a new one
  
• 14 said it was irritating
• 13 were sentimentally attached to their old
  password
  
• 12 just forget
• The fundamental problem with passwords is that
  they are an inconvenience

10

• In a lot of office environments passwords are
  written down, shared, and follow common schemes
  
  
• Look under the keyboard or the side of the PC
  monitor for a yellow post-it note
  
• Notepad text file on line (All passwords and
  user accounts)
  
• Standard user accounts such as root,
  administrator, and system manager still have the
  same default passwords as when the software was
  first installed
• Passwords are also vulnerable to shoulder
  surfing
  
• Users simplify their life by reducing the
  strength and security of those passwords.

11

Inconvenient In an attempt to improve security
, organizations will create elaborate password
generation rules / force passwords to change very
often / issue users with computer-generated
passwords that are difficult if not impossible to
remember so users write them down
Easily broken Programs such as Crack, SmartP
ass, PWDUMP, NTCrack, John the Ripper, LØpht
crack can easily decrypt UNIX, NetWare, OpenVMS,
WINNT passwords. Dictionary attacks are
feasible because users choose easily guessed
passwords.
12
(No Transcript)
13
Ultimately, the real purpose of a security system
is to try and make the users life easy while
making the hackers life very difficult,
balancing security with ease of use
14
How to fix this

• -- Keyboard passwords alone are not enough
• -- Security/System Administration must secure
  password file
  
• -- More is needed

15
(No Transcript)