Alternatives to Passwords

standingtopΤεχνίτη Νοημοσύνη και Ρομποτική

17 Νοε 2013 (πριν από 4 χρόνια και 7 μήνες)

87 εμφανίσεις

Alternatives to Passwords

David Bohn

Password : History

The average working professional has 6 passwords to perform daily

Passwords if used correctly are low risk, cost effective

Most common source of security

Password : Problem

Users usually use “weak” passwords, because “strong” passwords are
hard to remember.

Passwords written down and not placed in a secure area.

Sharing passwords.

Most computer attacks

Current Solutions

A few Solutions:


Smart Cards

Radio Frequency ID (RFID)

Biometrics : Defined

The automated use of physiological or behavioral characteristics to
determine or verify identity.

data derived from direct measurement of a part of the human body

Biometric : Benefits


Reduced costs

password maintenance

Reduced costs

no buddy punching

Increased security

no shared or compromised passwords

Increased security

deter and detect fraudulent account

Increased security

no badge sharing in secure areas

Biometric : Benefits



no passwords to remember or reset


faster login


confidential files can be stored securely



no passwords to remember or reset


personal files, including emails, can be secured


online purchases safer when enabled by


ability to transact anonymously

Biometrics : Leading Technologies

Fingerprint (optical, silicon, ultrasound, touch less)

Facial recognition (optical and thermal)

Voice recognition (not to be confused with speech recognition)

Iris recognition


Hand geometry


Biometrics : Fingerprints

Most common and used biometric approach

Optical vs. Silicon vs. Ultrasound

Main uses of fingerprints: daily access to networks and PCs, enter
restricted areas, and to authorize transactions

Biometrics : Fingerprints

Door locks are around $200 and up

USB drive with fingerprint reader
$80 and up

Biometric : Fingerprints

Optical reads

Oldest and most widely used

A charged coupler device converts image

Focuses on dark ridges and light valleys.

Transmitted as a digital signal.

Biometric : Fingerprints

Silicon reads

Works as a DC capacitance. The plate as
one capacitor and the finger is the other.

Converts prints into an 8bit grayscale digital

Better quality than optical, with less surface
area than optical

Biometric : Fingerprints


Considered the most accurate of the three.

Transmits acoustic waves and measures the
distance bases on the impedance of the

Capable of penetrating dirt and residue.

Biometric : Problems with Fingerprints

Cold finger

Dry/oily finger

High or low humidity

Manual activity that would mar
or affect fingerprints
(construction, gardening)

Pressure of placement

Location of finger on platen
(poorly placed core)

Cuts to fingerprint

Angle of finger placement

Biometrics : Facial Recognition

Feature analysis

Feature analysis is robust enough
to perform 1
1 or 1

Utilizes distinctive features of the

Verification time from “system
ready” prompt: 3
4 seconds

Biometric : Problems with Facial Recognition

Change in facial hair

Change in hairstyle

Adding/removing hat, glasses

Quality and placement of camera

‘Loud’ clothing that can distract face

Change in weight

Angle at which facial image is

Too much movement

Quality of capture device

Lighting conditions

Biometric : Voice Recognition

Voice recognition vs. Speech Recognition

Voice recognition verifies the identity of the individual who is

Utilizes the distinctive aspects of the voice to verify the identity of

Biometric : Problems with Voice Recognition

Cold or illness that affects voice

Different enrollment and verification capture devices

Different enrollment and verification environments (inside vs. outside)

Speaking softly

Variation in background noise

Poor placement of microphone / capture device

Quality of capture device

Biometric : Iris Scans

Primary visible characteristic is the
trabecular meshwork

Other visible characteristics
include rings, furrows, freckles,
and the corona

Biometric : Iris Scan

Trabeculum of loose fibers found at the iridocorneal angle between
the anterior chamber of the eye and the venous sinus of the sclera;
the aqueous humor filters through the spaces between the fibers
into the sinus and passes into the bloodstream.

Biometric : Problems with Iris Scans

Too much movement of head or eye


Colored Contacts

Takes a long time for most people to before acquainted with the

User placed between 2
18 inches away. Capture and verification are
nearly immediate.

Typical verification time from “system ready”
prompt: 3
5 seconds

Biometric : Retina Scan

Verify blood vessel patterns on retina

Typical verification

time from “system

ready” prompt:

12 seconds.

Biometric : Problems with Retina Scans

Too much movement of head or eye


Biometric : Hand Recognition

Inferring the length, width, thickness, and surface area of the hand and
fingers from silhouetted images projected within the scanner.

Over 90 measurements are taken

Some are based on the shape and characteristics of the index and middle

Relatively accurate technology, but does not draw on as rich a data set as
finger, face, or iris

Biometric : Problems with Hand Recognition


Change in weight


Swelling of joints

Also very costly startup

Cannot perform 1

many searches

Smart Cards

Inside of a smart card usually contains an embedded 8
bit microprocessor

The microprocessor on the smart card is there for
. The host
computer and card reader actually "talk" to the microprocessor. The
microprocessor enforces access to the data on the card. If the host computer
read and wrote the smart card's random access memory,it would be no
different than a diskette

Smart Cards

Uses of Smart Cards

Credit cards

Electronic cash

Computer security systems

Wireless communication

Loyalty systems (like
frequent flyer points)


Government identification

Average Smart Card Specs.

1 kb of RAM

24 kilobytes of ROM

16 kilobytes of programmable ROM

bit microprocessor running at 5

Problems with Smart Cards

The United States still relies heavily on
magnetic strips.

Costly startup fee

Codes can be found figured out by watching
power consumption

Radio Frequency ID

Works with radio frequency (RF)

Uses low frequency and low power, it does
not interfere with other telemetry equipment

A user within the proximity of the
computer, the user is allowed access to the

When they leave the computer is
locked again.

Radio Frequency ID

From 3 to 30 Feet

Passive (no battery) vs. Active

Problems with RFID

Hard to read near metal or if the transmitter
has passed through water.

Up and Coming Biometrics


Ear Shape

Odor (human scent)


Nailbed Identification (ridges in fingernails)

Gait Recognition (manner of walking)

Suggested Password Solutions

Omit the last character or two.

Add extra characters.

Systematically change one character in the password (for
example, the second character is always one more than what
it should be, if the letter written down is B, then you actually
type A


If used correctly passwords

Provide a low risk

Cost Effective

Familiar interface to authenticate into