==Alternatives to passwords for authentication==
The multiple ways in which permanent or semi-permanent passwords can be compromised have prompted the development of other techniques. Some are inadequate in practice, and in any case few have become universally available for users seeking a more secure alternative.<ref>{{Cite web |title=The top 12 password-cracking techniques used by hackers |url=https://www.itpro.co.uk/security/34616/the-top-password-cracking-techniques-used-by-hackers |access-date=18 July 2022 |website=IT PRO |date=14 October 2019 |language=en}}</ref> A 2012 paper<ref>{{cite web |url=http://research.microsoft.com/pubs/161585/QuestToReplacePasswords.pdf |title=The Quest to Replace Passwords (pdf) |publisher=IEEE |date=15 May 2012 |access-date=11 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150319050624/http://research.microsoft.com/pubs/161585/QuestToReplacePasswords.pdf |archive-date=19 March 2015 }}</ref> examines why passwords have proved so hard to supplant (despite multiple predictions that they would soon be a thing of the past<ref name="CNET">{{cite web |url=http://news.cnet.com/2100-1029-5164733.html |title=Gates predicts death of the password |website=CNET |date=25 February 2004 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402133435/http://news.cnet.com/2100-1029-5164733.html |archive-date=2 April 2015 }}</ref>); in examining thirty representative proposed replacements with respect to security, usability and deployability they conclude "none even retains the full set of benefits that legacy passwords already provide."

* [[One-time password|Single-use passwords]]. Having passwords that are only valid once makes a number of potential attacks ineffective. Most users find single-use passwords extremely inconvenient. They have, however, been widely implemented in personal [[online banking]], where they are known as [[TAN (banking)|Transaction Authentication Numbers]] (TANs). As most home users only perform a small number of transactions each week, the single-use issue has not led to intolerable customer dissatisfaction in this case.
* [[Time-synchronized one-time passwords]] are similar in some ways to single-use passwords, but the value to be entered is displayed on a small (generally pocketable) item and changes every minute or so.
* [[Passwordless authentication]], in which a user can log in to a computer system without entering (and having to remember) a password or any other knowledge-based [[Shared secret|secret]]. In most common implementations users are asked to enter their public identifier (username, phone number, email address etc.) and then complete the authentication process by providing a secure proof of identity through a registered device or token. Most implementations rely on [[public-key cryptography]] infrastructure where the public key is provided during registration to the authenticating service (remote server, application or website) while the private key is kept on a user's device (PC, smartphone or an external [[security token]]) and can be accessed only by providing a biometric signature or another authentication factor which is not knowledge-based.<ref>{{cite news |title=No password for Microsoft Account: What does passwordless authentication mean? |url=https://www.businesstoday.in/technology/internet/story/no-password-for-microsoft-account-what-does-passwordless-authentication-mean-306902-2021-09-17 |access-date=12 April 2022 |work=Business Today |language=en}}</ref>
* [[PassWindow]] one-time passwords are used as single-use passwords, but the dynamic characters to be entered are visible only when a user superimposes a unique printed visual key over a server-generated challenge image shown on the user's screen.
* Access controls based on public-key cryptography, e.g. [[Secure Shell|ssh]]. The necessary keys are usually too large to memorize (but see proposal Passmaze)<ref>[http://eprint.iacr.org/2005/434 Cryptology ePrint Archive: Report 2005/434] {{webarchive|url=https://web.archive.org/web/20060614024642/http://eprint.iacr.org/2005/434 |date=14 June 2006 }}. eprint.iacr.org. Retrieved on 20 May 2012.</ref> and must be stored on a local computer, [[security token]] or portable memory device, such as a [[USB flash drive]] or even [[floppy disk]]. The private key may be stored on a cloud service provider, and activated by the use of a password or two-factor authentication.
* [[Biometric]] methods promise authentication based on unalterable personal characteristics, but {{as of|2008|lc=y}} have high error rates and require additional hardware to scan,{{needs update|date=July 2021}} for example, [[fingerprint]]s, [[iris (anatomy)|irises]], etc. They have proven easy to spoof in some famous incidents testing commercially available systems, for example, the gummie fingerprint spoof demonstration,<ref>{{cite journal|author1=T Matsumoto. H Matsumotot |author2=K Yamada |author3=S Hoshino |editor-first1=Rudolf L. |editor-last1=Van Renesse |name-list-style=amp |title= Impact of artificial 'Gummy' Fingers on Fingerprint Systems|journal= Proc SPIE|volume= 4677|doi=10.1117/12.462719|page=275 |year=2002|series=Optical Security and Counterfeit Deterrence Techniques IV |bibcode=2002SPIE.4677..275M |s2cid=16897825 }}</ref> and, because these characteristics are unalterable, they cannot be changed if compromised; this is a highly important consideration in access control as a compromised access token is necessarily insecure.
* [[Single sign-on]] technology is claimed to eliminate the need for having multiple passwords. Such schemes do not relieve users and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single sign-on is secure against attack. As yet, no satisfactory standard has been developed.
* Envaulting technology is a password-free way to secure data on removable storage devices such as USB flash drives. Instead of user passwords, access control is based on the user's access to a network resource.
* Non-text-based passwords, such as [[graphical password]]s or mouse-movement based passwords.<ref>[http://waelchatila.com/2005/09/18/1127075317148.html Using AJAX for Image Passwords – AJAX Security Part 1 of 3] {{webarchive|url=https://web.archive.org/web/20060616132332/http://waelchatila.com/2005/09/18/1127075317148.html |date=16 June 2006 }}. waelchatila.com (18 September 2005). Retrieved on 2012-05-20.</ref> Graphical passwords are an alternative means of [[authentication]] for log-in intended to be used in place of a conventional password; they use [[image]]s, [[graphics]] or [[colours]] instead of [[Letter (alphabet)|letters]], [[numerical digit|digits]] or [[special characters]]. One system requires users to select a series of [[face]]s as a password, utilizing the [[human brain]]'s ability to [[face perception|recall faces]] easily.<ref>Butler, Rick A. (21 December 2004) [http://mcpmag.com/reviews/products/article.asp?EditorialsID=486 Face in the Crowd] {{webarchive|url=https://web.archive.org/web/20060627235632/http://mcpmag.com/reviews/products/article.asp?EditorialsID=486 |date=27 June 2006 }}. mcpmag.com. Retrieved on 2012-05-20.</ref> In some implementations the user is required to pick from a series of images in the correct sequence in order to gain access.<ref>[http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1001829,00.html graphical password or graphical user authentication (GUA)] {{webarchive|url=https://web.archive.org/web/20090221192235/http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1001829,00.html |date=21 February 2009 }}. searchsecurity.techtarget.com. Retrieved on 20 May 2012.</ref> Another graphical password solution creates a [[one-time password]] using a randomly generated grid of images. Each time the user is required to authenticate, they look for the images that fit their pre-chosen categories and enter the randomly generated alphanumeric character that appears in the image to form the one-time password.<ref name="Images Could Change the Authentication Picture">{{cite web |url=http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=228200140 |title=Images Could Change the Authentication Picture |author=Ericka Chickowski |publisher=Dark Reading |date=3 November 2010 |url-status=live |archive-url=https://web.archive.org/web/20101110034234/http://www.darkreading.com/authentication/security/client/showArticle.jhtml?articleID=228200140 |archive-date=10 November 2010 }}</ref><ref name="Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites">{{cite web|url=http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|title=Confident Technologies Delivers Image-Based, Multifactor Authentication to Strengthen Passwords on Public-Facing Websites|date=28 October 2010|url-status=live|archive-url=https://web.archive.org/web/20101107185604/http://www.marketwire.com/press-release/Confident-Technologies-Delivers-Image-Based-Multifactor-Authentication-Strengthen-Passwords-1342854.htm|archive-date=7 November 2010}}</ref> So far, graphical passwords are promising, but are not widely used. Studies on this subject have been made to determine its usability in the real world. While some believe that graphical passwords would be harder to [[Password cracking|crack]], others suggest that people will be just as likely to pick common images or sequences as they are to pick common passwords.{{Citation needed|date=September 2009}}
* [[2D Key]] (2-Dimensional Key)<ref>[http://www.xpreeli.com/doc/manual_2DKey_2.0.pdf User Manual for 2-Dimensional Key (2D Key) Input Method and System] {{webarchive|url=https://web.archive.org/web/20110718132313/http://www.xpreeli.com/doc/manual_2DKey_2.0.pdf |date=18 July 2011 }}. xpreeli.com. (8 September 2008). Retrieved on 2012-05-20.</ref> is a 2D matrix-like key input method having the key styles of multiline passphrase, crossword, ASCII/Unicode art, with optional textual semantic noises, to create a big password/key beyond 128 bits to realize the MePKC (Memorizable Public-Key Cryptography)<ref>Kok-Wah Lee "Methods and Systems to Create Big Memorizable Secrets and Their Applications" Patent [https://patents.google.com/patent/US20110055585 US20110055585], [https://archive.today/20120805193738/http://www.wipo.int/pctdb/en/wo.jsp?WO=2010010430 WO2010010430]. Filing date: 18 December 2008</ref> using a fully memorizable private key upon the current private key management technologies like encrypted private key, split private key, and roaming private key.
* [[Cognitive password]]s use question and answer cue/response pairs to verify identity.