Passwords authentication - security and usability

28/09/2010 13:00

Universidade de Évora
Colégio Espírito Santo - Sala 121

Hub Miloslav (University of Pardubice)

Data security is a current issue that is widely discussed, especially in the public administration domain, because of the value of the information that the data contain.

One of the requirements for secure information systems is secure authentication of the people who work with them. Although many mature authentication mechanisms exist (for example smart cards and biometrics), passwords are still used for this purpose. The reasons for using passwords are low cost and ease of implementation. Although this method of authentication is generally accepted by end users, passwords have many deficiencies arising from the limitations of human memory. It is difficult for end users to remember long strings of randomly generated characters. That is why end users choose commonly used words as their passwords, such as names of football clubs, names of pets and so on.

Naturally, these weak passwords are not resistant to dictionary and brute-force attacks. When users are forced to create strong passwords (that is, passwords that are long enough, randomly generated and used for only one system), they write them down or forget them. This user behavior can make social engineering attacks easier. That is why password authentication appears to involve a tradeoff: it seems that a more secure password means a less usable password.

At the seminar, the results of research on password authentication will be presented. The mathematical model for simulating a dictionary attack and a brute-force attack will be discussed, and passwords in real use will be examined with this model. New approaches to password authentication will be outlined, with emphasis on keystroke-dynamics biometric authentication.
