-As password length and complexity increase, usability suffers
-Phishing and social engineering – users do not authenticate who is asking for a password
-Once a password is stolen, it can be used many times
-> This is why there are policies that say passwords must be changed frequently
-Humans have a hard time remembering lots of passwords. Usable passwords are easy to guess.
Sys Administrators:
– Never store passwords in the clear
– Store only hashed values generated with a random salt and limit access to them
– Avoid general purpose fast hash functions
Users:
– Use password managers
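The three administrator rules above (never in the clear, random salt per password, no general purpose fast hash) in working form. This is an added example, not code from the lecture notes; it uses PBKDF2-HMAC-SHA256 from Python's standard library as the slow, salted function, with a plain SHA-256 shown only for contrast. The record format `pbkdf2_sha256$iterations$salt$hash` and the iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed example: how a system should store and check passwords.
# Work factor for PBKDF2-HMAC-SHA256; tune so one check costs ~100 ms on your hardware.
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex.

    A fresh random salt per password means two users with the same password
    get different records, and a precomputed table is useless.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never accept
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # hmac.compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(digest.hex(), hash_hex)


def fast_unsalted_hash(password: str) -> str:
    """What NOT to do: a general purpose fast hash with no salt, shown only for contrast.

    Identical passwords give identical outputs, and an attacker can try
    billions of guesses per second against a stolen copy.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("correct:", verify_password("correct horse battery staple", rec))
    print("wrong:  ", verify_password("Tr0ub4dor&3", rec))
```

The salt does not need to be secret, only unique; what protects the stored value is the cost of the slow hash multiplied by the number of guesses an attacker must make.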
Other Authentication Methods
– Based on something you must have
– May require additional hardware (e.g., readers)
– How does it implement authentication? (e.g., challenge/response)
– Cost and misplaced trust (RSA SecurID master key breach)
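A minimal challenge/response exchange of the kind a hardware token performs, added here as an illustration (not from the notes and not any vendor's protocol). The server holds a shared key per user, sends a random challenge, and the token answers with an HMAC over it; the key never crosses the wire, and a captured answer cannot be replayed against a later challenge, which is the weakness of reusable passwords from the first bullets above. Class and method names are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets


class Server:
    """Verifier side: stores per-user keys and one outstanding challenge per user."""

    def __init__(self) -> None:
        self.keys = {}      # user -> shared key (in practice kept in an HSM or protected store)
        self.pending = {}   # user -> challenge that has been issued but not yet answered

    def enroll(self, user: str, key: bytes) -> None:
        self.keys[user] = key

    def challenge(self, user: str) -> bytes:
        """Issue a fresh random nonce; a new challenge invalidates any older one."""
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Accept only a correct answer to the currently outstanding challenge."""
        nonce = self.pending.pop(user, None)  # each challenge is answerable once
        if nonce is None or user not in self.keys:
            return False
        expected = hmac.new(self.keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Token:
    """Prover side: holds the key and only ever emits HMACs, never the key."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def demo() -> tuple:
    """Run one honest login and one replay attempt; return (honest_ok, replay_ok)."""
    key = secrets.token_bytes(32)       # constructed: provisioned at enrollment
    server = Server()
    server.enroll("alice", key)
    token = Token(key)

    # Honest login: fresh challenge, token answers, server accepts.
    c1 = server.challenge("alice")
    r1 = token.respond(c1)
    honest_ok = server.verify("alice", r1)

    # An eavesdropper who captured (c1, r1) tries to reuse r1 on the next login.
    server.challenge("alice")           # server issues a different nonce
    replay_ok = server.verify("alice", r1)
    return honest_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

What a token implements in practice (time-based counters, asymmetric signatures, a PIN that unlocks the device) varies, but the property to check is the same: the reusable secret stays on the device and only per-challenge values are transmitted.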
Various biometrics
– Fingerprints (finger swipes)
– Keystroke dynamics
– Voice
– Retina scans