Password Management Protocol

May 30, 2011

Access control mechanisms rely heavily on secure authentication, which uses a combination of multiple factors to verify the identity of the object wishing to access or communicate with the resources of the IT infrastructure, or to do something as simple as running a program on a home computer. Because these resources are confidential and valuable, they are protected by some sort of authentication technology, and to access them users must verify their digital identity. Such authentication can be achieved through techniques such as a username-password combination, biometric identification such as iris or fingerprint scanning, or hardware components in the form of smartcards. It should come as no surprise that the weakest link of a secure system is the human factor. Humans are prone to attacks such as phishing scams, which without proper training could easily compromise the security mechanisms in place. It should also come as no surprise that, in an authentication system that uses passphrases, the human factor affects the security of the system: users who choose poor passwords leave the system susceptible to guessing attacks (Lowe, 2004). To this end, there arise two conflicting requirements for passwords: they must be difficult to compromise yet easy to remember (Keith et al, 2009).

One particular password management protocol is available for Apple users: Keychain Access. Apple’s Keychain Access allows users to store usernames and their associated passwords for different applications and programs. Keychain Access is a great way of managing various accounts, since the passwords contained in the program are encrypted and the functionality can be turned on and off at the discretion of the user (Frakes and Breen, 2004). One weakness of this password management protocol is that its default settings aren’t acceptable. By default, the program uses the same password as the OS, so a breach at that level is potentially harmful to Keychain Access as well. The program also doesn’t turn off (lock) by default when the computer goes into sleep mode. Another potential weakness is that the program doesn’t require the use of strong, convoluted passwords. The program does inform the user that the password being created and stored is rather weak, but it only goes so far as reminding the user of the fact. This is a weakness according to Hsien et al. (2005) because weak passwords, unlike strong passwords, can’t resist a guessing attack.
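The sleep-mode default described above can be checked and corrected from the command line with macOS's `security` tool. The script below is an added example, not part of the original post; the helper names, the `KEYCHAIN` variable, the 300-second threshold and the assumed one-line output format of `security show-keychain-info` are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: audit keychain auto-lock settings on macOS.
# Assumed shape of `security show-keychain-info` output (one line on stderr):
#   Keychain "<path>" [lock-on-sleep] [use-lock-interval] timeout=<N>s
#   Keychain "<path>" no-timeout

# Hypothetical helper. $1 = info line, $2 = longest acceptable idle timeout (s).
# Prints one finding per line; returns 0 only when every check passes.
audit_keychain_info() {
    local flags max rc secs
    flags="${1##*\"}"          # drop the quoted path so its text cannot match
    max="${2:-300}"
    rc=0
    case "$flags" in
        *lock-on-sleep*) echo "OK: locks when the computer sleeps" ;;
        *) echo "FAIL: stays unlocked when the computer sleeps"; rc=1 ;;
    esac
    case "$flags" in
        *no-timeout*) echo "FAIL: never locks after inactivity"; rc=1 ;;
        *timeout=*)
            secs="${flags##*timeout=}"; secs="${secs%%s*}"
            case "$secs" in
                ''|*[!0-9]*) echo "FAIL: unreadable timeout '$secs'"; rc=1 ;;
                *) if [ "$secs" -gt "$max" ]; then
                       echo "FAIL: idle timeout ${secs}s exceeds ${max}s"; rc=1
                   else
                       echo "OK: locks after ${secs}s of inactivity"
                   fi ;;
            esac ;;
        *) echo "FAIL: no timeout field found"; rc=1 ;;
    esac
    return "$rc"
}

# Hypothetical helper. -l locks on sleep, -u locks after the -t timeout (seconds).
harden_keychain() {
    security set-keychain-settings -l -u -t "${2:-300}" "$1"
}

# Live check runs only on a Mac and only when KEYCHAIN names a keychain file.
if command -v security >/dev/null 2>&1 && [ -n "${KEYCHAIN:-}" ]; then
    audit_keychain_info "$(security show-keychain-info "$KEYCHAIN" 2>&1)" ||
        echo "To fix: harden_keychain \"$KEYCHAIN\" 300"
fi
```

The other default discussed above, a keychain password identical to the login password, is changed separately with `security set-keychain-password`.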

References

Frakes, Dan, and Christopher Breen. 2004. “The Keychain’s Hidden Powers.” Macworld 21, no. 11: 68-69. Business Source Premier.

Hsien-Chu, Wu, Hwang Min-Shiang, and Liu Chia-Hsin. 2005. “A Secure Strong-Password Authentication Protocol.” Fundamenta Informaticae 68, no. 4: 399-406.

Keith, Mark, Benjamin Shao, and Paul Steinbart. 2009. “A Behavioral Analysis of Passphrase Design and Effectiveness.” Journal of the Association for Information Systems 10, no. 2: 63-89.

Lowe, Gavin. 2004. “Analysing protocols subject to guessing attacks.” Journal of Computer Security 12, no. 1: 83-97.
