Alternatives to Passwords
David Bohn
Password : History
• The average working professional has 6 passwords to perform
daily functions
• Passwords if used correctly are low risk, cost effective
• Most common source of security
Password : Problem
• Users usually use “weak” passwords, because “strong” passwords
are hard to remember.
• Passwords written down and not placed in a secure area.
• Sharing passwords.
• Most computer attacks
Current Solutions
A few Solutions:
• Biometrics
• Smart Cards
• Radio Frequency ID (RFID)
Biometrics : Defined
• The automated use of physiological or behavioral characteristics to
determine or verify identity.
• data derived from direct measurement of a part of the human
body
Biometric : Benefits
Employer
Reduced costs – password maintenance
Reduced costs – no buddy punching
Increased security – no shared or compromised passwords
Increased security – deter and detect fraudulent account
access
Increased security – no badge sharing in secure areas
Biometric : Benefits
Employees
Convenience – no passwords to remember or reset
Convenience – faster login
Security – confidential files can be stored securely
Consumers
Convenience – no passwords to remember or reset
Security – personal files, including emails, can be secured
Security – online purchases safer when enabled by
biometric
Privacy – ability to transact anonymously
Biometrics : Leading Technologies
• Fingerprint (optical, silicon, ultrasound, touchless)
• Facial recognition (optical and thermal)
• Voice recognition (not to be confused with speech recognition)
• Iris recognition
• Retina-scan
• Hand geometry - Signature-scan
Biometrics : Fingerprints
• Most common and used biometric approach
• Optical vs. Silicon vs. Ultrasound
• Main uses of fingerprints: daily access to networks and PCs, enter
restricted areas, and to authorize transactions
Biometrics : Fingerprints
• Door locks are around $200 and
up
• USB drive with fingerprint reader
$80 and up
Biometric : Fingerprints
Optical reads
• Oldest and most widely used
• A charge-coupled device converts the image
• Focuses on dark ridges and light valleys.
• Transmitted as a digital signal.
Biometric : Fingerprints
Silicon reads
• Works as a DC capacitance. The plate acts as
one capacitor and the finger as the other.
• Converts prints into an 8-bit grayscale digital
image.
• Better quality than optical, with less surface
area than optical
Biometric : Fingerprints
Ultrasound
• Considered the most accurate of the three.
• Transmits acoustic waves and measures the
distance based on the impedance of the
finger.
• Capable of penetrating dirt and residue.
Biometric : Problems with Fingerprints
• Cold finger
• Dry/oily finger
• High or low humidity
• Manual activity that would mar or affect fingerprints
(construction, gardening)
• Pressure of placement
• Location of finger on platen
(poorly placed core)
• Cuts to fingerprint
• Angle of finger placement
Biometrics : Facial Recognition
• Feature analysis
• Feature analysis is robust
enough to perform 1-to-1 or 1-to-many searches
• Utilizes distinctive features of
the face
• Verification time from “system
ready” prompt: 3-4 seconds
Biometric : Problems with Facial Recognition
• Change in facial hair
• Change in hairstyle
• Adding/removing hat, glasses
• Quality and placement of camera
• ‘Loud’ clothing that can distract
face location
• Change in weight
• Angle at which facial image is
captured
• Too much movement
• Quality of capture device
• Lighting conditions
Biometric : Voice Recognition
• Voice recognition vs. Speech Recognition
• Voice recognition verifies the identity of the individual who is
speaking
• Utilizes the distinctive aspects of the voice to verify the identity of
individuals
Biometric : Problems with Voice Recognition
• Cold or illness that affects voice
• Different enrollment and verification capture devices
• Different enrollment and verification environments (inside vs. outside)
• Speaking softly
• Variation in background noise
• Poor placement of microphone / capture device
• Quality of capture device
Biometric : Iris Scans
• Primary visible characteristic is
the trabecular meshwork
• Other visible characteristics
include rings, furrows, freckles,
and the corona
Biometric : Iris Scan
• Trabeculum of loose fibers found at the iridocorneal angle
between the anterior chamber of the eye and the venous
sinus of the sclera; the aqueous humor filters through the
spaces between the fibers into the sinus and passes into the
bloodstream.
Biometric : Problems with Iris Scans
• Too much movement of head or eye
• Glasses – Colored Contacts
• Takes a long time for most people to become acquainted with the
system
• User placed between 2-18 inches away. Capture and verification
are nearly immediate. Typical verification time from “system
ready” prompt: 3-5 seconds
Biometric : Retina Scan
• Verify blood vessel patterns on retina
• Typical verification time from “system ready” prompt:
10-12 seconds.
Biometric : Problems with Retina Scans
• Too much movement of head or eye
• Glasses
Biometric : Hand Recognition
• Inferring the length, width, thickness, and surface area of the hand and
fingers from silhouetted images projected within the scanner.
• Over 90 measurements are taken
• Some are based on the shape and characteristics of the index and
middle finger.
• Relatively accurate technology, but does not draw on as rich a data set
as finger, face, or iris
Biometric : Problems with Hand Recognition
• Jewelry
• Change in weight
• Bandages
• Swelling of joints
• Also very costly startup
• Cannot perform 1-to-many searches
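The difference between 1-to-1 verification and 1-to-many searches mentioned on the facial and hand recognition slides, as an added example that is not part of the original presentation. The enrolled users, feature values and threshold are constructed assumptions; the point is that a coarse template can still confirm a claimed identity while a search across all users becomes ambiguous.

```python
import math

# Constructed enrolment database: hypothetical, normalised measurements
# standing in for a coarse template such as hand geometry.
ENROLLED = {
    "alice": (0.52, 0.31, 0.77),
    "bob":   (0.55, 0.33, 0.74),   # coarse features: close to alice
    "carol": (0.20, 0.80, 0.40),
}
THRESHOLD = 0.08  # assumed maximum distance accepted as a match


def verify(claimed_id, sample, db=ENROLLED, threshold=THRESHOLD):
    """1-to-1: compare the sample with the claimed user's template only."""
    template = db.get(claimed_id)
    return template is not None and math.dist(template, sample) <= threshold


def identify(sample, db=ENROLLED, threshold=THRESHOLD):
    """1-to-many: search every template; accept only a unique match.

    Returns (user_id or None, sorted list of candidates within threshold).
    """
    candidates = sorted(
        uid for uid, template in db.items()
        if math.dist(template, sample) <= threshold
    )
    match = candidates[0] if len(candidates) == 1 else None
    return match, candidates


if __name__ == "__main__":
    alice_sample = (0.53, 0.32, 0.76)   # constructed fresh capture from alice
    carol_sample = (0.21, 0.79, 0.41)   # constructed fresh capture from carol
    print(verify("alice", alice_sample))   # claimed identity narrows the check
    print(verify("carol", alice_sample))   # wrong claim is rejected
    print(identify(alice_sample))          # ambiguous: two templates match
    print(identify(carol_sample))          # unique match
```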
Smart Cards
• A smart card usually contains an embedded 8-bit
microprocessor
• The microprocessor on the smart card is there for security. The host
computer and card reader actually "talk" to the microprocessor. The
microprocessor enforces access to the data on the card. If the host
computer read and wrote the smart card's random access memory, it
would be no different than a diskette
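The contrast drawn above between a diskette and a card whose microprocessor enforces access, as an added example that is not part of the original presentation. It is a simplified model: the command names, status strings and the three-try PIN limit are assumptions, not a real card protocol.

```python
import hmac


class Diskette:
    """Passive storage: the host reads the memory directly."""

    def __init__(self, data):
        self.memory = data

    def read(self):
        return self.memory          # nothing checks who is asking


class SmartCard:
    """Model of a card whose processor is the only path to its memory."""

    MAX_TRIES = 3                   # assumed retry limit

    def __init__(self, pin, record):
        self._pin = pin
        self._record = record
        self._tries_left = self.MAX_TRIES
        self._unlocked = False

    def command(self, name, arg=""):
        """Handle one host command; returns (status, data)."""
        if name == "VERIFY":
            if self._tries_left == 0:
                return "BLOCKED", None          # card stays locked for good
            if hmac.compare_digest(arg.encode(), self._pin.encode()):
                self._tries_left = self.MAX_TRIES
                self._unlocked = True
                return "OK", None
            self._tries_left -= 1
            self._unlocked = False
            return ("BLOCKED" if self._tries_left == 0 else "WRONG_PIN"), None
        if name == "READ":
            if self._unlocked:
                return "OK", self._record
            return "DENIED", None
        return "UNKNOWN_COMMAND", None
```

The host only ever calls `command()`; the retry counter lives on the card, so guessing the PIN from the host side is limited to three attempts.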
Smart Cards
Uses of Smart Cards
• Credit cards
• Electronic cash
• Computer security systems
• Wireless communication
• Loyalty systems (like
frequent flyer points)
• Banking
• Government identification
Average Smart Card Specs.
• 1 kb of RAM
• 24 kilobytes of ROM
• 16 kilobytes of programmable
ROM
• 8-bit microprocessor running at 5
MHz
Problems with Smart Cards
• The United States still relies heavily on
magnetic strips.
• Costly startup fee
• Codes can be figured out by watching
power consumption
Radio Frequency ID
• Works with radio frequency (RF)
technology
• Uses low frequency and low power; it does
not interfere with other telemetry equipment
• When a user is within proximity of the
computer, the user is allowed access to the
system. When they leave, the computer is
locked again.
Radio Frequency ID
• From 3 to 30 Feet
• Passive (no battery) vs. Active
Problems with RFID
Hard to read near metal or if the transmitter
has passed through water.
Up and Coming Biometrics
• DNA
• Ear Shape
• Odor (human scent)
• Vein-scan
• Nailbed Identification (ridges in fingernails)
• Gait Recognition (manner of walking)
Suggested Password Solutions
• Omit the last character or two.
• Add extra characters.
• Systematically change one character in the password (for
example, the second character is always one more than
what it should be; if the letter written down is B, then you
actually type A).
Passwords
If used correctly passwords
• Provide a low risk
• Cost Effective
• Familiar interface to authenticate into
systems.