Wednesday, September 25, 2019
One Time Passwords Research Paper Example | Topics and Well Written Essays - 1250 words
One Time Passwords - Research Paper Example The new passwords are generated by the system using a one-way hash function (Bhaiji, 2009). Challenge/response: This type also uses mathematical algorithm, but with a challenge function. In this type, the user needs to generate a one-time password by entering a challenge (a random number or secret key), received at the time of login, into the password-generating token/software. Since new passwords are based on a challenge mechanism instead of being based on previous password, this type offers more security as compared to mathematical algorithm type (Bhaiji, 2009). Time-synchronized: In this type, passwords are generated by the system using a physical hardware token that has an accurate clock synchronized with the clock on the authentication server (Bhaiji, 2009). OTP technology is a type of multifactor (two-factor) authentication access control which provides strong user authentication for secure access. Two-factor authentication refers to the combination of any two of the three basic forms of one-factor authentication mechanism: something the user knows such as a password, pass phrase or PIN (personal identification number), something the user possesses such as a smart card or access token (hardware or software), and something physically unique about the user such as a fingerprint, voice, retina or iris scan, or DNA sequence (Samuelle, 2008). If the intruder is able to guess a randomly generated OTP somehow, he will be able to access the system only once because subsequent access would require him to get lucky again guessing a randomly generated OTP. The major problem of OTPs is that no user can ever able to remember them because they are generated in bulk and stored in a file on a system. Therefore, OTPs are vulnerable to eavesdropping because if someone knows that the passwords are stored in the file, and then he can gain unauthorized access to the userââ¬â¢s account where he can then install keystroke-capturing
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.