ERIC Number: EJ844187
Record Type: Journal
Publication Date: 2007-Nov
Pages: 3
Abstractor: ERIC
ISBN: N/A
ISSN: ISSN-1553-7544
EISSN: N/A
Strengthening Authentication
Gale, Doug
Campus Technology, v21 n3 p24, 26, 28 Nov 2007
The basics of authentication are straightforward. One can prove his or her identity in three ways: (1) something one "has" (for example, a key or a birth certificate); (2) something one "knows" (such as a password); or (3) something one "is" (such as one's fingerprints, used in biometric technologies). In the world of computers and networks, the most common form of authentication is a password. To reduce the vulnerabilities associated with password authentications, strong passwords (those that are difficult for a hacker to guess or gain by a brute-force attack) are generally required, and change of passwords must be done on a regular basis. But in order to remember a plethora of strong, frequently changing passwords, many people write them down. Or worse, people often use the same password for everything. And in the process, they create a new, glaring vulnerability. Passwords will remain popular, however, because they are highly portable, easy to implement, relatively cheap, and convenient to use. And despite the potential for disaster, password security can be effective if people use strong passwords; if they keep their passwords secret; if they learn to recognize a phishing attack; if they only store their password list using an encryption scheme such as Apple's Keychain or GNU's Keyring; and if they have a bit of luck. People can greatly strengthen password security by adding a second authentication factor. Because of the relatively greater cost of biometric devices, the second factor selected by educational institutions is usually "something one has." A number of "what one has" technologies have become common in business applications, and are often used in combination with a username/password (what one knows) to provide true two-factor authentication. In this article, the author discusses why proving a user's identity is more complicated than it seems and describes some "pretty good" methods which might just be right.
Descriptors: Computer Security, Prevention, Guidelines, Higher Education, Internet, Identification, Information Technology
1105 Media, Inc. 9121 Oakdale Avenue Suite 101, Chatsworth, CA 91311; Tel: 818-734-1520; Fax: 818-734-1522; Web site: http://campustechnology.com/home.aspx
Publication Type: Journal Articles; Reports - Descriptive
Education Level: Higher Education; Postsecondary Education
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A
Grant or Contract Numbers: N/A