Password-based authentication doomed by inherent flaws

The password-based authentication model is weak in theory and, as countless compromised accounts show, in practice as well. The time for ubiquitous two-factor authentication and password managers is now.

Authentication in computing, the process by which a system verifies the identity of a user, has long relied on passwords as the primary (and often the only) mechanism for account holders to prove who they are. Even casual computer users know the routine: when you power on a device or visit certain websites, you enter credentials (a username and a password) to reach your files and use your account, and you assume that you are the only one who knows your password.

That assumption is the whole model. In an ideal world, knowledge of a password would be restricted to the rightful account holder, so presenting valid credentials would be enough to establish that the person logging in is that account holder. Stated this way, the scheme seems simple and reliable. In practice, however, the system only ever verifies that whoever is typing knows the secret, not who they are, and thousands of people have had money and identities stolen, credit cards used, private files accessed, and private emails read because that secret was guessed, phished, reused elsewhere, or leaked in a breach. The following sections examine why logging in to computers and websites with passwords is prone to compromise, how these weaknesses are exploited, and what can be done to lower the risk to our accounts.

September 3, 2014

