StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

One-Time Password Issues - Essay Example

Cite this document
Summary
The essay "One-Time Password Issues" focuses on the critical analysis of the major issues in the use of a one-time password. A one-time password (OTP) is a password that is only recognized for a single login or transaction. OTPs prevent numerous limitations…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.5% of users find it useful

Extract of sample "One-Time Password Issues"

Running head: ONE-TIME PASSWORDS One-time passwords Institution Name Date One-time password (OTP) Introduction A one-time password (OTP) is a password that is only recognized for a single login or transaction. OTPs prevent a number of limitations that are related with conventional (static) passwords. The most significant limitation that is tackled by OTPs is that, as opposed to static passwords, they are not susceptible to replay attacks. This implies that, if a potential interloper manages to trace an OTP that was previously used to log into a service or carry out a transaction, he will not be able to misuse it since it will be not be recognized. On the downside, OTPs cannot be memorized by people (Logan, et al, 2010). A one-time password is thus described as a randomly created single-use password. An example is the SonicWALL SSL-VPN One-Time Password. This system is a two-factor authentication scheme that uses one-time passwords to beef up security provided by the normal user name and password for SonicWALL SSL-VPN users. The SonicWALL SSL-VPN One-Time Password scheme compels the users to login the correct SonicWALL SSL-VPN login details. After scrutinizing the standard login checklist the system creates a one-time password which is transferred to the user’s e-mail address. The user must login to their email account to recover the one-time password and type it into the SSL-VPN login screen when requested, before the single use password expires (Logan, et al, 2010). The SonicWALL SSL-VPN One-Time Password scheme offers more security than the regular static password alone. Using a one-time password to beef up the regular login details successfully adds a second level of authentication. Users should be able to login into the stipulated email address before completing the SSL-VPN One-Time Password login procedure. Every one-time password is valid for only one use an expires after a specific period of time, compelling a new one-time password to be created after every successful login, a cancelled or unsuccessful login effort, or a login effort that has timed out, thus minimizing the chances of a one-time password being compromised (Logan, et al, 2010). Type of controls associated with OTPs There are many types of controls associated with one-time password. Some of the controls involved are: Procedural controls This relates to policies and procedures in regard to how people operate at work and how they carry out their own activities. This relates to security of data, passwords, hiring and disciplinary at the work place. Other issues involved in procedure controls are audit, monitoring and adhering to the regulatory requirements as far as security is concerned. Logical and physical controls and staff access cards. All these are concerned with security of information and other possessions just like the one-time password. The one-time passwords are thus controlled with standards and guidelines, PCI compliance, CoBIT and guidance for choosing logical and physical controls (Barkan, 2003). Logical/Technical controls This relates to the use of software and data to manage and control access the information in computer systems. It also entails passwords, means of authentication, Network and Host-based Firewalls, Network Intrusion Detection Systems, Access Control Lists (ACLs), Data Encryption. The term ‘least privilege’ is used to refer to limitation of access rights and authorisation to those just appropriate for the task in question. One-time passwords are concerned with security and particularly restriction of access to minimize risks and vulnerabilities of web servers. Physical controls This relates to the monitoring and control access to computer systems or any other resources in a firm. It also entails separation of functions and also includes support facilitates. It also relates to data centre power, networks, heating and cooling. Access controls Access controls entails issues like identification and authentication and authorization. All these are to some extent related to one-time password. Identification involves confirmation of a claim of who a person is and association or relation with the responsibility and the essential set of rights. Authentication This entails: Proving the assertion of identification Something one is familiar with like PIN, Password and pet’s Name Something in possession – Swipe or Credit Card Something you are – Fingerprint, Eye-print, Voice Single Factor like any of the one described above Multi-Factor- a combination of two or more of these described above Authorisation What the authenticated identify is around to do. Strengths and weaknesses of OTPs One of the major weaknesses of the one-time passwords is that they are susceptible to cracking. One-time passwords are susceptible to public engineering attacks in which phishes access OTPs by tricking clients into revealing one or more OTPs that they have previously used. One-time passwords are susceptible to phishing through two major methods. One way is where the swindler gets the OTP in plaintext fast enough and the other method is where the swindler uses the information got through phishing to predict the password. This latter form of attack can however be prevented through the use of encrypted hash chains. Another weakness of the one-time passwords is that they are also susceptible to third party attacks. This can easily be prevented by not disclosing the passwords to any person. One-time password are however more secure than the memorized passwords since they validity expires once they have been used (Fujita & Mejri, 2006). The one-time passwords are more secure than the memorized passwords since the validity of the password expires once the password has been used and the restricted time expires. Attacks by third parties can be avoided by using the OTP as one layer in layered security. One way of applying the layered security is the use of OTP in combination with the regular password which has been memorized by the user. Description of successful OTPs An example of a successful application of one-time password is the mobile One-Time Passwords by Enterprise-quality SMS provider TynTec in the banking sector. The service which will allow the financial institutions to send to their clients one-time, time restricted passwords to login to essential services such as online banking employs TynTec’s proprietary SMS back-end equipment which ensures security delivery of all messages within 5-15 seconds. Cyber fraudsters, whether using phishing devices, key sorting software, Trojans or other malevolent program, are and have been a threat to the banking industry and particularly the retail banking sector. By offering an extra level of password security, OTP’s provide a new and efficient level of security, giving a level of protection that can not be provided by conventional static passwords. OTPs, a type of the most recently developed security tool is assisting banks in the prevention of cyber frauds. Instead of depending on conventional memorized passwords, OTPs customers apply for passwords every time they are in need of a financial transaction by logging in to the online banking interface. When the application is received the password is transferred to the customer’s phone through an SMS. The password is no longer valid once it has been used and the allowed time has expired. The TynTec OTP solution provides numerous benefits compared to standard SMS systems (Barkan, 2003). The fact that TynTec can provide a unique assurance of delivery within 5-15 seconds complimented by a quantifiable SLA implies that consumers will always receive their passwords in a timely manner (Fujita & Mejri, 2006). Procedural controls in using OTPs The task of implementing procedural controls is the responsibility of the system administrator. The administrator ensures that the users have a FreeBSD account and a password before they access the FreeBSD system. One of the key responsibilities of the system administrator is to set an appropriate password policy for both the users as well as the network. This is an important task in the creation of appropriate procedural controls in the application of OTPs. Some of the points to consider include the setting of minimum length of password and the nature of the passwords. Audit and logging checks for OTPs One of the most appropriate methods of providing logging checks for the OTPs is through the use of port-knocking. Port- refers to the method of sending a shared secret from a random host to another, usually a secure host. This shared secret is usually a short sequence of connect (2) calls to a string of ports at which point the firewall is enabled to the sending server. Since this system is susceptible to attacks some port-knocking systems which employ the cryptography apply their source IP to safeguard themselves from threats. The application of port-knocking systems entails restricting the access to important resources by applying the port-knocking system as the security measure and those darned replay attacks can be blocked via cryptographic techniques. The audits for the passwords entail checking whether the passwords meet the minimum requirements set by the responsible system administrator (Barkan, 2003). Cracking OTPs and checking the risks In order to prevent cracking of OTP passwords, the generation of passwords and password policies must be very creative. The passwords should have at least one non-letter character and should not be the user’s username or repeated. The users should be aware of the policy applied in the selection of the passwords and the system should be customized in such a way that it does not generate poor passwords which are susceptible to cracking. After the password has been used or before it is used, it should not be stored in the FreeBSD system. Instead an encrypted format should be used (Fujita & Mejri, 2006). Conclusion One-time passwords are the most secured measure to use in the protection of information as well as safeguarding cash from swindlers in the world today. The one-time passwords are more secure than the memorized passwords since the validity of the password expires once the password has been used and the restricted time expires. For maximum security the OTP details should not be disclosed to third parties. References Barkan, E. Et al. (2003). "Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication". New York: IOS Press Fujita, H. & Mejri, M. (2006). New trends in software methodologies, tools and techniques: proceedings of the fifth SoMeT 06. New York: IOS Press Logan, M. et al. (2010). Erlang and OTP in Action. London: Manning Publications Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(One-time Password Essay Example | Topics and Well Written Essays - 1500 words, n.d.)
One-time Password Essay Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/2033619-security-1
(One-Time Password Essay Example | Topics and Well Written Essays - 1500 Words)
One-Time Password Essay Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/2033619-security-1.
“One-Time Password Essay Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/2033619-security-1.
  • Cited: 0 times

CHECK THESE SAMPLES OF One-Time Password Issues

Password Cracker

Your full November 15, password Cracker When somebody has access to someone's network but does not have the password to enter it, he uses password cracking to retrieve the user's password.... password crackers are most commonly used by hackers to gain unauthorized access to network systems but they are also used by network administrators to test the network security.... This report intends to discuss three very important password cracking techniques namely the Brute- force technique, the Rainbow table technique, and social engineering....
16 Pages (4000 words) Research Paper

Authentication Methods and Techniques

This review ''Authentication Methods and Techniques'' discusses the vulnerability issues associated with each authentication method and assesses it against some important assessment factors and how to decide the best authentication strategy while living amidst the sophisticated hackers' realm.... The paper also discusses the vulnerability issues associated with each authentication method and assesses it against some important assessment factors.... issues: Although text based authentication is presently the most commonly used method yet it is not the strongest and highly susceptible to attacks....
10 Pages (2500 words) Research Paper

Password Cracking Systems

This paper ''password Cracking Systems'' intended to throw a detailed light upon which password cracking mechanisms are and how they come into effect.... rotecting an individual's data by restricting access to it can be done by means of placing a password entry request mechanism every time that particular data is accessed.... Protecting an individual's data by restricting access to it can be done by means of placing a password entry request mechanism every time that particular data is accessed....
24 Pages (6000 words) Report

Password Cracking Systems

In this scenario, secret password dictionaries are presented for a multiplicity of subjects and arrangements of diverse issues or topics, comprising videos, political affairs and song categories (TechTarget, 2001).... This research paper discusses the password cracking systems in detail.... password cracking is a process of accessing a computer system, network or resource with or without making use of software applications to open a resource that has been locked with a password....
20 Pages (5000 words) Research Paper

Authentication of the Modern Generation

With universal authentication, a subscriber enters one set of parameters such as a username and password at the start of every network session.... More and more on-line self-service applications and an increasingly complex learning environment require such systems to be based on a single ID and password.... "Without these, universal password authentication poses some obvious security risks," 1 ... At the same time, universal password authentication is an exciting concept....
7 Pages (1750 words) Term Paper

Password and hacking under the privcy issues

It will also describe the most common methods of password violation and the hackers' point of view on this matter, under the privacy issues.... nstalling password for online accounts is one of these methods; in fact, it is the most popular one.... he objective of this paper is to analyze how violating one's account by cracking its password is regarded from the privacy ethical point of view.... Some popular law cases connected to password hacking will be described and analyzed....
21 Pages (5250 words) Research Paper

Performance and Security of Windows Server

Another way of authentication is integrated Windows authentication which is secure and hashes the user name and password for network transmission.... Account policy allows the administrator to define password requirements and Kerberos key policies.... This addresses the account and password policies which must be enforced for all servers in any domain.... Account policies like password policy, account lockout policy and Kerberos policy security settings can be implemented at the Domain Level....
8 Pages (2000 words) Case Study

The Concept of Password Management

The paper focuses on the concept of password management and how to solve the issues of having so many passwords and having to change them for the different applications at the workplace.... As such, the project focuses on the concept of password management and How to solve the issues of having so many passwords and having to change them for the different applications at the workplace.... password Management password Management Introduction password management at the workplace is a constantstruggle for the modern employee or worker....
9 Pages (2250 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us