1. An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords
Mahmoud Abaza and Brent Hunter
School of Computing and Information Systems, Athabasca University
mahmouda@athabascau.ca
4. Example ideas to overcome the weaknesses of alphanumeric passwords:
• Password haystacks system (Gibson)
• System of using 4 or more unrelated dictionary words (Munroe)
5. An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them.
6. • Enhancements for traditional alphanumeric passwords.
• Replacements for traditional alphanumeric passwords.
7. Enhancements for traditional alphanumeric passwords:
• Enhanced password creation mechanisms
• Password storage and management systems
• Single sign-on systems
• Secondary identity verification
9. Enhancements for traditional alphanumeric passwords & replacements for traditional alphanumeric passwords:
• How easy to use
• How easy to implement
• How secure
• How versatile
10. Replacement: One-time password
• Not easy to use (requires a token).
• Not easy to implement (requires back-end authentication infrastructure).
• Not easy to share.
11. Replacement: Certificate-based (smart cards and computer certificates)
• Not easy to use (requires a smart card).
• Significantly more overhead.
• Less versatile (requires a reader).
12. Replacement: Biometrics
• Difficult to implement (requires hardware and software at endpoints).
• Once forged, it is not easy to re-issue.
• False negatives.
• Not versatile (requires additional hardware).
13. Replacement: Non-alphanumeric
• Graphical passwords are not easy to enter.
• More difficult to implement (many require back-end authentication).
• Most require an agent installed on each machine.
• Other such difficulties.
15. Enhancement: Password storage and management
• Single point of failure.
• Difficult to use (requires a form filler on the user's side).
• More difficult to implement.
• Needs updating.
16. Enhancement: Single sign-on
• Single point of failure.
• Requires additional administrative work.
• Not versatile (systems must provide a single sign-on standard).
17. Properly picked traditional alphanumeric passwords currently work better than any of the other available options?