Using Technology to Overcome the Password’s Contradiction

Abstract: The traditional approach to security has been the use of passwords. They provide the system with a barrier to access that was quite safe in the analog world. The digital era provided the means to easily try thousands of passwords in a short period of time, and the password scheme is no longer safe. It now suffers from the password's contradiction: the fact that it requires both simplicity and complexity to be usable and safe. New technologies are therefore required that preserve ease of use while providing stronger authentication processes. This chapter presents the latest advances in three technologies that can be used, alone or together, to improve the safety of user/password schemes without significant changes to the architecture of the protected information system, despite the human factors that traditionally reduce the security of those systems. The presented technologies are Keystroke Dynamics, Graphical Authentication and Pointer Dynamic.
