User Authentication: Passwords and Beyond
Jim Fenton
@jimfenton
1
Czech Technical University in Prague

25 March 2019
Just a little about me…
Consultant (2013-present)
Authentication standards: NIST SP 800-63-3
IETF: REQUIRETLS email security proposal
CSO at OneID (2011-2013)
Authentication startup
Distinguished Engineer at Cisco (-2011)
Various things including DKIM email signatures
2
Disclaimer
I’m a consultant for the US National Institute of Standards and Technology
Worked on the SP 800-63-3 update
Currently working on errata, guidance for US agencies
Everything here is my own (hopefully informed) opinion
I don’t speak for NIST!
Please contact NIST if you need an official answer
3
Guiding principles
Emphasize user experience
People cheat when things are not user-friendly
Have realistic security expectations
Many things need 2-factor authentication
Burden the verifier rather than user wherever possible
Don’t ask the user to do things that don’t significantly improve security
Remember that the goal is to help real users authenticate, not just stop bad actors
4
“Guiding Principles” by Ford-Foundation is licensed under CC BY-ND 2.0
Who are the Users?
Everybody:
Non-English speakers
Homeless people
Disabled veterans
Hospital patients
Physicians
Elderly
Students
Usability needs to consider all of these
5
Photo by Rob Curran on Unsplash
What’s a password?
6
Passphrase
Something you know
PIN
Memorized Secret
“Exercise Plays Vital Role Maintaining Brain Health” by A Health Blog is licensed under CC BY-SA 2.0
Passcode
Attacks
Online
Various types of guessing
Offline
Attacks on the verifier
Side channel
Shoulder surfing and more sophisticated attacks
Both targeted (e.g., spearphishing) and bulk: very different goals
7
“Under attack!” by Noel Reynolds is licensed under CC BY 2.0
Online attacks
Guessing the password
Brute force attacks
Password stuffing (passwords this user uses elsewhere)
Common defenses
Throttling (more on this later)
Password reuse avoidance (education primarily)
Prohibition of very common passwords
8
“On the Air” by Thomas Hawk is licensed under CC BY-NC 2.0
Offline attacks
Reversing password hashes (cracking)
More efficient with time: Moore’s Law
Benefits from cryptocurrency mining technology, GPUs, etc.
Defenses
Time- and memory-hard hash algorithms
Supplemental keyed hashing
Protecting hashes better!
Generally harder to defend against than online
9
Side channels
Obtaining the password through leakage
Shoulder surfing
Key loggers and other malware
Acoustic, key wear, and similar analysis
Electromagnetic (TEMPEST), timing, and power drain analysis
10
“shoulder surfing” by Anne Petersen is licensed under CC BY-NC-ND 2.0
Password length
Increasing length is the most reliable way of strengthening a password
So just require very long passwords?
No. Have a rationale for length requirements
Don’t drive users to Post-It® notes
11
What are you defending against?
~8 character passwords are effective against online attacks (with reasonable throttling)
But it takes more than twice as many characters to provide similar protection against offline attacks
12
Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November 2014. http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
Maximum length
Don’t limit users’ ability to use long (secure!) passwords!
Suggest accepting 64 characters or more
Rationale:
Give users maximum flexibility to choose a memorable pass phrase
64 characters fit on many screens
“measuring tape” by areta ekarafi is licensed under CC BY-NC-ND 2.0
13
Space characters
Spaces are natural to type in passphrases: Allow them!
Consider normalizing multiple consecutive spaces to one
UI concern: inadvertently typing multiple spaces is hard to see
Space characters themselves don’t add much entropy
(This is controversial)
“the burning of the midnight oil” by Robert S. Donovan is licensed under CC BY-NC 2.0
14
Character set
Give users maximum flexibility to choose passwords in their native language
Accept all printable ASCII characters
Accept Unicode, including emojis (1 “character”/code point) 😺
Rationale:
Site-specific constraints on special characters have been a UX nightmare
Verifier needs to hash the entry anyway, so SQL injection shouldn’t be a concern
“Lead Type (melting in the oven of your mind)”
by jm3 on Flickr is licensed under CC BY-SA 2.0
15
Hints and prompts
tl;dr: Don’t do it!
Hints (user-chosen)
Users sometimes choose hints like “Password is qwertyui”
Need to be stored in the clear or reversibly encrypted to be displayable to the user
Prompts (site-chosen)
Typically take the form of “security questions”
Answers often shared between different services (e.g., first pet)
16
“whisper” by ElizaC3 is licensed under CC BY 2.0
Composition rules
Rules specifying what character classes must be in passwords
Avoid using them:
UX nightmare
Don’t provide as much value as originally thought
May not be applicable in other languages
Use a blocklist dictionary instead
17
“Are you freaking INSANE????” by Paige Saez is licensed under CC BY-NC 2.0
Dictionaries: questions
How big should the dictionary be?
Too small: ineffective
Too big: bad user experience (like composition rules, but less transparent)
Will users act predictably when asked to pick a different password?
Users might just append something like 1 or !
If so, the dictionary is a great resource for offline cracking
18
“Dictionary” by Caleb Roenigk is licensed under CC BY 2.0
What if someone picks a bad password?
If a user picks a password that’s in the dictionary, this is a teaching opportunity 😀
CMU has done some research on this [Habib 2017]
Password strength meter might help user pick something stronger
19
Dictionaries: takeaways
It’s pretty simple to build a reasonable dictionary
Dictionary with size of ~100,000 entries is probably good - but need to test
But watch out for that second password pick
BadPassword -> BadPassword1 ??? 😰
20
Displaying passwords
Much of the time, users aren’t subject to shoulder-surfing attacks
Consider offering option to display the password rather than dots or asterisks
But rehide after some period of time
Displaying the password when not likely to be observed helps typing accuracy, and therefore improves user experience
21
Password expiration
Don’t require users to change passwords arbitrarily (e.g., periodically)
If users know their password will be only temporary:
They won’t invest the effort in choosing and learning a complex one
They’ll pick something similar to the old password
But do require change if there is evidence of compromise
Have a way to do this, if/when needed.
22
“parking_meter.JPG” by Paul Vladuchick is licensed under CC BY-NC-ND 2.0
Designing password verifiers
23
Hashing
Goal: Make it hard for someone who compromises the verifier to learn the password(s)
Simplistic approach:
Store sha256(password)
But: Attacker could try lots of passwords and see what matches
But also: Attacker can easily see if two users have same password
24
Salting
Addresses uniqueness of hash for a given password
At password establishment, choose a random value (“salt”)
Store salt, sha256(password || salt)
Foils look-up tables (or makes them very big), duplicate searches
But: it’s still really fast. Attacker can just guess
25
Iterated hashing
Goal: make guessing more expensive for the attacker
Store salt, iteration count “n”, pbkdf2(password || salt, n). But:
pbkdf2 runs well in graphics processors, doesn’t require much memory
Benefits from technology developed for cryptocurrency mining
Example:
pbkdf2_sha256$30000$Da4AnjGEyPCK$WjRjDzeJTaFzLzDWXV0av0Z5jE7o8mDFEfP9cPvQ9BQ=
Algorithm $ Iteration count $ salt (base64) $ hash (base64)
26
Time and memory hardening
Good algorithms for password hashing are:
Slow - requires processor resources (“time hard”)
Memory consumptive - requires memory resources (“memory hard”)
Attackers have access to great CPU resources, specialized hardware
Popular algorithm: bcrypt
27
Keyed hashing
Supplemental hash with key stored separately
Generally best to do hashing in separate processor
Could be a hardware device (HSM) for best security
If key doesn’t leak, hash can’t be cracked!
Simple example: GitHub jimfenton/rehash
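The progression on the hashing, salting, iterated hashing and keyed hashing slides, as an added Python example (not code from the talk or from jimfenton/rehash). It writes records in the `algorithm$iterations$salt$hash` layout shown earlier and wraps the PBKDF2 output in an HMAC whose key is assumed to be held outside the password database; the function names and the 16-byte salt are choices made for this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # label taken from the slide's example record


def unsalted_sha256(password: str) -> str:
    """The 'simplistic approach': equal passwords give equal stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _derive(password: str, salt: bytes, iterations: int, hmac_key: bytes) -> bytes:
    # Step 1: salted, iterated hash (slows down every guess).
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Step 2: supplemental keyed hash. Without hmac_key, a stolen record
    # gives an attacker nothing to test guesses against.
    return hmac.new(hmac_key, stretched, hashlib.sha256).digest()


def make_record(password: str, hmac_key: bytes, iterations: int = 30000) -> str:
    """Create the string to store at password establishment."""
    salt = secrets.token_bytes(16)  # fresh random salt per record (example size)
    digest = _derive(password, salt, iterations, hmac_key)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(digest)])


def check_password(password: str, record: str, hmac_key: bytes) -> bool:
    """Verify a login attempt against a stored record; malformed records fail."""
    try:
        algorithm, count, salt_b64, hash_b64 = record.split("$")
        iterations = int(count)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad base64
        return False
    if algorithm != ALGORITHM or iterations < 1:
        return False
    candidate = _derive(password, salt, iterations, hmac_key)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in production: kept in an HSM or separate service
    alice = make_record("correct horse 😺", key)
    bob = make_record("correct horse 😺", key)
    print("unsalted values equal:", unsalted_sha256("x") == unsalted_sha256("x"))
    print("salted records equal: ", alice == bob)
    print("login ok:             ", check_password("correct horse 😺", alice, key))
```
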
28
Case study: Adobe®
Reported October, 2013
130,325,129 records containing:
Email address
Encrypted password (not salted)
Password hint (not encrypted)
56,044,956 distinct encrypted passwords (many duplicates)
29
Adobe
Problems:
Passwords used by multiple people have the same stored value
Correlation of hints is possible — this is actually a fun game!
Email address facilitates credential stuffing on other services
Successes:
Encryption key apparently not breached (but who can be sure?)
Cracking of hashes not possible because of key
30
The Adobe game
31
0agIJWqXa2Y= (697 records, 276 hints, 152 distinct hints)
chugalug
same
beverage
kitty
drink
uncle drunk -
chien
Glenlivet
drunk
booze
whiskey
horse
tape
sweet
andrews son
p
male cat
liqour
What's my dog's name?
cat
whos ur dawg
bunny
Border Collie
your favourite liquor
doggy
dog
tapes
reuse
mu dog
normal
sticky & plaid
black label
favorite drink
geknipst
my dog
puppy!
alcohol
aged 25 years
whisky
school
attaccare
friendf
ehhhhhhhh
dimple
dogs
scortcher
pets name
ura
Irish Setter
First Dog
fave horse
golden
normal one
carpetCleaner
favorite liquor
john's password
mon chien
hi priced liquor
gina
minou
tape?
my dogs name
what i drink
usual
its the same ol brand
boycatname
same as always
lijm
Better than Cats
plakband
Dog On Habbo
on the rocks
college
bant
Dewers
Name of Dog
drink and tape
Fav. Disney 1
?????????
Cutts nickname for me
scotland
tacataca
ZK
a good drink
favourite cat
publish
cat name
scotc
sc
SVR
cats first name
little one
montreal
????
drotch
liquor
cat's name
yellow snake
me
short
Dog's name?
mom's dog
lenrelax
partner
puppy
FPIS Favorite
favorite drink haha
loly
land
down in my belly
highland vid tape mfr
woof
first horse
estimac?o
c?o
speyside
malt
Pet
cats name
regular
dizzle
gatto
libation w/o number
johnny walker
persian
alex
name of school in
Hawthorn
Tony & Lou Drink
new dog
buro
favourite drink
college australia
pyranees
zelda
pet's name
first first
single malt
yummy beverage
nom du chien
nationality
the usual
Favorite Dog
DTH favorite beverage
favorite team
log in pass
trunek
albert minus wendy
Hund
Same drink
cinta magica
Horse name
Omi
Adobe — Lessons
Lack of salt causes one breached password to impact perhaps hundreds of
accounts
Password hints are evil
Often easier to protect one key stored separately than a large database
32
“Security” questions
Also known as Knowledge-Based Authentication (KBA)
Aren’t these just passwords with hints?
Something you know, so KBA+password isn’t 2-factor
Low entropy, likely to be reused on multiple sites
Can’t be hashed if fuzzy matching is needed
33
“Pip” by Helen Haden is licensed under CC BY-NC 2.0
First pet?
Case study: Ashley Madison
Data breach, July 2015
Included cleartext answers to KBA questions
Limited choice of questions, e.g., “What high school did you attend?"
Popular answer, Central High School, was represented in many ways: central hi, Central HS, Central, etc.
34
Beyond Passwords: 2 Factor Authentication
35
Look-up secrets
Take many forms, often wallet cards or sheets of “recovery secrets”
What you have is the piece of paper, card, etc.
Advantage: inexpensive, easy to use for very occasional authentications
Disadvantage: Limited number of authentications possible
36
Out-of-band authenticators
Out-of-band communication to confirm possession and control of “something you have”
Can work in different ways:
Authentication secret sent through separate channel to user, entered on primary channel
Authentication secret sent on primary channel, sent by user on secondary
User compares secrets on primary and secondary channels, confirms on secondary
Requirements
Uniquely addressable, separate from primary authentication channel
Use good crypto (secondary channel isn’t necessarily TLS)
Authenticate the OOB device securely
37
SMS as OOB authenticator
Plaintext SMS is very popular for OOB authentication, but isn’t very good
Better than single-factor, but worse than most second factors
Easy for attackers to get a target’s phone number reassigned to a device they control
Need to accommodate users who change their phone numbers or phones
Also: SS7 attacks, forwarding, smartphone malware
Make sure the SMS doesn’t go to a VoIP number — wouldn’t establish possession of something
Encrypted SMS (using secret stored in SIM) is OK
Applies to PSTN voice as well
38
OTP devices and apps
Two types: time-based and usage-based
At least 6 decimal digits of output (~20 bits entropy)
Use throttling to foil guessing attacks
Disadvantage: Verifier has to store the user’s RNG seed, this could be compromised (RSA Security breach, 2011)
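An added Python example (not from the talk) of the two OTP types, assuming the standard HOTP (RFC 4226, usage-based) and TOTP (RFC 6238, time-based) algorithms, which the slide does not name. The verifier class is hypothetical; it shows why the verifier must hold the same seed as the device, and rejects a code that has already been accepted.

```python
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Usage-based OTP: HMAC-SHA1 over an 8-byte counter, then truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP: the counter is the number of elapsed time steps."""
    return hotp(seed, int(unix_time) // step, digits)


class TotpVerifier:
    """Hypothetical verifier for one account."""

    def __init__(self, seed: bytes, step: int = 30, window: int = 1):
        # The verifier stores the same symmetric seed as the device, so a
        # verifier compromise lets the attacker generate valid codes.
        self.seed = seed
        self.step = step
        self.window = window       # tolerated clock drift, in time steps
        self.last_used_step = -1   # highest time step already accepted

    def verify(self, code: str, unix_time: int) -> bool:
        current = int(unix_time) // self.step
        for candidate in range(current - self.window, current + self.window + 1):
            if candidate <= self.last_used_step:
                continue  # never accept a step twice (replay resistance)
            expected = hotp(self.seed, candidate)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = candidate
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # test seed from RFC 4226, not a real secret
    verifier = TotpVerifier(seed)
    code = totp(seed, 59)
    print("first use accepted:", verifier.verify(code, 59))
    print("replay accepted:   ", verifier.verify(code, 59))
```

A six-digit code leaves only 10^6 possibilities, so this check still needs the throttling the slide calls for.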
39
Cryptographic devices and software
Take many forms:
Smart cards
USB devices
NFC or other wireless connected devices
Client certificate (software)
Always directly connected to endpoint
40
Cryptographic authenticators
Implement a challenge-response protocol with the verifier
Contain a secret, typically an asymmetric private key
May implement strong man-in-the-middle resistance, discussed later
41
Biometrics
Not nearly as good as they’re often portrayed
Zero-effort attacks: typically 1 in 1000 to 1 in 10,000 false accept rate
False reject rate too, especially under adverse conditions
They don’t work under all conditions
Fingerprint with dirty or wet hands
You leave biometrics everywhere
Hard to revoke
42
“Wine at Sunset” by David McLeish is licensed under CC BY-SA 2.0
Biometric modalities
Physical
Fingerprint
Iris pattern, retina
Face geometry
Voice
43
Behavioral
Typing cadence
Walking gait
For authentication, performance is the primary consideration
Biometrics and measurement noise
There is always measurement noise
(dust, etc.)
Threshold represents tradeoff between
false match and false no-match
Want low false match rate, but don’t
want frustrated users
Effort by impostor can move red graph
to right, increasing P(FM)
44
[Figure: probability density versus match quality for the correct user and an incorrect user, with a threshold separating P(false match) and P(false no-match)]
Using biometrics effectively
Bind biometrics tightly to a specific authenticated device
Therefore always part of a multifactor authenticator
Mitigates revocation problem (revoke the associated device)
Impose a hard limit (10) consecutive failed attempts
Looser limit is OK if Presentation Attack Detection (PAD) used
Have a backup activation factor, e.g., memorized secret
This addresses attempt lockout, poor conditions
45
Common Considerations
46
Throttling
Primary defense mechanism for online attacks
Example: Limit failed authentication attempts to 100 in 30-day period per account
Consider using CAPTCHAs, delays, or IP whitelists when approaching the limit
Consider use of risk-based or adaptive techniques for throttling
Don’t over-throttle: can result in denial of service for legitimate user
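A per-account failure counter implementing the slide's example limit, added here as a Python example (not from the talk). The class name and the 80-failure point at which a CAPTCHA or delay is requested are assumptions of this example; the 100-in-30-days limit is the slide's.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30 * 24 * 3600  # 30-day period from the slide
MAX_FAILURES = 100               # limit from the slide
CHALLENGE_AT = 80                # assumed "approaching the limit" threshold


class FailureThrottle:
    """Sliding-window count of failed authentications per account."""

    def __init__(self, window=WINDOW_SECONDS, max_failures=MAX_FAILURES,
                 challenge_at=CHALLENGE_AT):
        self.window = window
        self.max_failures = max_failures
        self.challenge_at = challenge_at
        self._failures = defaultdict(deque)  # account -> failure timestamps

    def _recent(self, account: str, now: float) -> deque:
        """Drop failures that have aged out of the window."""
        timestamps = self._failures[account]
        while timestamps and timestamps[0] <= now - self.window:
            timestamps.popleft()
        return timestamps

    def decision(self, account: str, now: float) -> str:
        """Return 'allow', 'challenge' (CAPTCHA or delay) or 'block'."""
        count = len(self._recent(account, now))
        if count >= self.max_failures:
            return "block"
        if count >= self.challenge_at:
            return "challenge"
        return "allow"

    def record_failure(self, account: str, now: float) -> None:
        self._recent(account, now).append(now)


if __name__ == "__main__":
    throttle = FailureThrottle()
    for second in range(100):  # constructed input: 100 bad guesses
        throttle.record_failure("alice", second)
    print(throttle.decision("alice", 100))   # block
    print(throttle.decision("bob", 100))     # allow: limits are per account
```

Because old failures age out of the window instead of locking the account permanently, a legitimate user regains access without an administrator's help.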
47
“Revs Per Minute” by Michael Gil is licensed under CC BY 2.0
Verifier impersonation resistance
AKA “Phishing Resistance”, “Strong MITM Resistance”
Goal: make it impossible for a man-in-the-middle to authenticate their own session
Do not depend on the user to detect fraud
Establishes a binding between the authentication and the TLS session it uses
All VIR authenticators are cryptographic, but not all cryptographic authenticators are VIR
Examples: client-authenticated TLS, FIDO
48
Attestation
If a user supplies their own authenticator, how do you know how strong it is?
Attestation certificates describe the authenticator
Avoid identifying a specific authenticator, if possible (privacy issue)
Particularly important when user can access/manipulate information other than their own
49
Verifier compromise resistance
Extent to which a compromise of the verifier gives the attacker the ability to authenticate
Generally determined by the authenticator type
Public keys (most cryptographic authenticators) are considered VCR
Symmetric keys (OTP verification) not VCR
Passwords may or may not be, depending on how stored
50
Replay resistance
Extent to which authentication is immune to recording/replay attacks
Resistant:
Challenge/response protocols (with nonces), e.g. crypto authenticators
OTP devices, look-up secrets
Passwords are not replay resistant
51
Authentication intent
Goal: block access to directly-connected authenticators by malware
Approaches:
Hardware button (e.g., FIDO)
Re-entry of PIN
Reconnection of authenticator for each authentication
52
Two-factor authenticator or two authenticators?
53
Two-factor authenticator Two authenticators
Fewer authenticators to manage
Easier to determine strength of BYO authenticators
Less centralized storage of activation secret
Easier to throttle activation secret guesses (at verifier)
Questions?
54
Bibliography
[Herley 2012] Herley, C., and P. Van Oorschot. 2012. “A Research Agenda Acknowledging the Persistence of Passwords.” IEEE Security & Privacy Magazine 10 (1): 28–36. https://doi.org/10.1109/MSP.2011.150.
[Florencio 2014] Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. 2014. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November. http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
[Grassi 2017] Grassi, Paul A, James L Fenton, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, et al. 2017. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST SP 800-63b. Gaithersburg, MD: National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b.
[Habib 2017] Habib, Hana, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Cranor. 2017. “Password Creation in the Presence of Blacklists.” In Proceedings 2017 Workshop on Usable Security. San Diego, CA: Internet Society. https://doi.org/10.14722/usec.2017.23043.
Apple, Inc. “Face ID Security”, November, 2017. https://www.apple.com/business/site/docs/FaceID_Security_Guide.pdf.
55

 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

User Authentication: Passwords and Beyond

  • 1. User Authentication:
 Passwords and Beyond Jim Fenton @jimfenton 1 Czech Technical University in Prague
 25 March 2019
  • 2. Just a little about me… Consultant (2013-present) Authentication standards: NIST SP 800-63-3 IETF: REQUIRETLS email security proposal CSO at OneID (2011-2013) Authentication startup Distinguished Engineer at Cisco (-2011) Various things including DKIM email signatures 2
  • 3. Disclaimer I’m a consultant for the US National Institute of Standards and Technology Worked on the SP 800-63-3 update Currently working on errata, guidance for US agencies Everything here is my own (hopefully informed) opinion I don’t speak for NIST! Please contact NIST if you need an official answer 3
  • 4. Guiding principles Emphasize user experience People cheat when things are not user-friendly Have realistic security expectations Many things need 2-factor authentication Burden the verifier rather than user wherever possible Don’t ask the user to do things that don’t significantly improve security Remember that the goal is to help real users authenticate, not just stop bad actors 4 “Guiding Principles” by Ford-Foundation is licensed under CC BY-ND 2.0
  • 5. Who are the Users? Everybody: Non-English speakers Homeless people Disabled veterans Hospital patients Physicians Elderly Students Usability needs to consider all of these 5 Photo by Rob Curran on Unsplash
  • 6. What’s a password? 6 Passphrase Something you know PIN Memorized Secret “Exercise Plays Vital Role Maintaining Brain Health” by A Health Blog is licensed under CC BY-SA 2.0 Passcode
  • 7. Attacks Online Various types of guessing Offline Attacks on the verifier Side channel Shoulder surfing and more sophisticated attacks Both targeted (e.g., spearphishing) and bulk: very different goals 7 “Under attack!” by Noel Reynolds is licensed under CC BY 2.0
  • 8. Online attacks Guessing the password Brute force attacks Password stuffing (passwords this user uses elsewhere) Common defenses Throttling (more on this later) Password reuse avoidance (education primarily) Prohibition of very common passwords 8 “On the Air” by Thomas Hawk is licensed under CC BY-NC 2.0
  • 9. Offline attacks Reversing password hashes (cracking) More efficient with time: Moore’s Law Benefits from cryptocurrency mining technology, GPUs, etc. Defenses Time- and memory-hard hash algorithms Supplemental keyed hashing Protecting hashes better! Generally harder to defend against than online 9
  • 10. Side channels Obtaining the password through leakage Shoulder surfing Key loggers and other malware Acoustic, key wear, and similar analysis Electromagnetic (TEMPEST), timing, and power drain analysis 10 “shoulder surfing” by Anne Petersen is licensed under CC BY-NC-ND 2.0
  • 11. Password length Increasing length is the most reliable way of strengthening a password So just require very long passwords? No. Have a rationale for length requirements Don’t drive users to Post-It® notes 11
  • 12. What are you defending against? ~8 character passwords are effective against online attacks (with reasonable throttling) But it takes more than twice as many characters to provide similar protection against offline attacks 12 Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November 2014.
 http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
  • 13. Maximum length Don’t limit users’ ability to use long (secure!)
 passwords! Suggest accepting 64 characters or more Rationale: Give users maximum flexibility to choose a memorable pass phrase 64 characters fit on many screens “measuring tape” by areta ekarafi is licensed under CC BY-NC-ND 2.0 13
  • 14. Space characters Spaces are natural to type in passphrases:
 Allow them! Consider normalizing multiple consecutive spaces to one UI concern: inadvertent typing multiple spaces is hard to see Space characters themselves don’t add much entropy (This is controversial) “the burning of the midnight oil” by Robert S. Donovan is licensed under CC BY-NC 2.0 14
  • 15. Character set Give users maximum flexibility to choose
 passwords in their native language Accept all printable ASCII characters Accept Unicode, including emojis (1 “character”/code point) 😺 Rationale: Site-specific constraints on special characters have been a UX nightmare Verifier needs to hash the entry anyway, so SQL injection shouldn’t be a concern “Lead Type (melting in the oven of your mind)” by jm3 on Flickr is licensed under CC BY-SA 2.0 15
  • 16. Hints and prompts tl;dr: Don’t do it! Hints (user-chosen) Users sometimes choose hints like “Password is qwertyui” Need to be stored in the clear or reversibly encrypted to be displayable to the user Prompts (site-chosen) Typically take the form of “security questions” Answers often shared between different services (e.g., first pet) 16 “whisper” by ElizaC3 is licensed under CC BY 2.0
  • 17. Composition rules Rules specifying what character classes
 must be in passwords Avoid using them: UX nightmare Don’t provide as much value as originally thought May not be applicable in other languages Use a blocklist dictionary instead 17 “Are you freaking INSANE????” by Paige Saez is licensed under CC BY-NC 2.0
  • 18. Dictionaries: questions How big should the dictionary be? Too small: ineffective Too big: bad user experience (like composition rules, but less transparent) Will users act predictably when asked to pick a different password? Users might just append something like 1 or ! If so, the dictionary is a great resource for offline cracking 18 “Dictionary” by Caleb Roenigk is licensed under CC BY 2.0
  • 19. What if someone picks a bad password? If a user picks a password that’s in the dictionary, this is a teaching opportunity 😀 CMU has done some research on this [Habib 2017] Password strength meter might help user pick something stronger 19
  • 20. Dictionaries: takeaways It’s pretty simple to build a reasonable dictionary Dictionary with size of ~100,000 entries is probably good - but need to test But watch out for that second password pick BadPassword -> BadPassword1 ??? 😰 20
  • 21. Displaying passwords Much of the time, users aren’t subject to
 shoulder-surfing attacks Consider offering option to display the password rather than dots or asterisks But rehide after some period of time Displaying the password when not likely to be observed helps typing accuracy, and therefore improves user experience 21
  • 22. Password expiration Don’t require users to change passwords arbitrarily
 (e.g., periodically) If users know their password will be only temporary: They won’t invest the effort in choosing and learning a complex one They’ll pick something similar to the old password But do require change if there is evidence of compromise Have a way to do this, if/when needed. 22 “parking_meter.JPG” by Paul Vladuchick is licensed under CC BY-NC-ND 2.0
  • 24. Hashing Goal: Make it hard for someone who compromises the verifier to learn the password(s) Simplistic approach: Store sha256(password) But: Attacker could try lots of passwords and see what matches But also: Attacker can easily see if two users have same password 24
  • 25. Salting Addresses uniqueness of hash for a given password At password establishment, choose a random value (“salt”) Store salt, sha256(password || salt) Foils look-up tables (or makes them very big), duplicate searches But: it’s still really fast. Attacker can just guess 25
  • 26. Iterated hashing Goal: make guessing more expensive for the attacker Store salt, iteration count “n”, pbkdf2(password || salt, n). But: pbkdf2 runs well in graphics processors, doesn’t require much memory Benefits from technology developed for cryptocurrency mining Example: pbkdf2_sha256$30000$Da4AnjGEyPCK$WjRjDzeJTaFzLzDWXV0av0Z5jE7o8mDFEfP9cPvQ9BQ= Algorithm $ Iteration count $ salt (base64) $ hash (base64) 26
  • 27. Time and memory hardening Good algorithms for password hashing are: Slow - requires processor resources (“time hard”) Memory consumptive - requires memory resources (“memory hard”) Attackers have access to great CPU resources, specialized hardware Popular algorithm: bcrypt 27
  • 28. Keyed hashing Supplemental hash with key stored separately Generally best to do hashing in separate processor Could be a hardware device (HSM) for best security If key doesn’t leak, hash can’t be cracked! Simple example: GitHub jimfenton/rehash 28
  • 29. Case study: Adobe® Reported October, 2013 130,325,129 records containing: Email address Encrypted password (not salted) Password hint (not encrypted) 56,044,956 distinct encrypted passwords (many duplicates) 29
  • 30. Adobe Problems: Passwords used by multiple people have the same stored value Correlation of hints is possible — this is actually a fun game! Email address facilitates credential stuffing on other services Successes: Encryption key apparently not breached (but who can be sure?) Cracking of hashes not possible because of key 30
  • 31. The Adobe game 31 0agIJWqXa2Y= (697 records, 276 hints, 152 distinct hints) chugalug same beverage kitty drink uncle drunk - chien Glenlivet drunk booze whiskey horse tape sweet andrews son p male cat liqour What's my dog's name? cat whos ur dawg bunny Border Collie your favourite liquor doggy dog tapes reuse mu dog normal sticky & plaid black label favorite drink geknipst my dog puppy! alcohol aged 25 years whisky school attaccare friendf ehhhhhhhh dimple dogs scortcher pets name ura Irish Setter First Dog fave horse golden normal one carpetCleaner favorite liquor john's password mon chien hi priced liquor gina minou tape? my dogs name what i drink usual its the same ol brand boycatname same as always lijm Better than Cats plakband Dog On Habbo on the rocks college bant Dewers Name of Dog drink and tape Fav. Disney 1 ????????? Cutts nickname for me scotland tacataca ZK a good drink favourite cat publish cat name scotc sc SVR cats first name little one montreal ???? drotch liquor cat's name yellow snake me short Dog's name? mom's dog lenrelax partner puppy FPIS Favorite favorite drink haha loly land down in my belly highland vid tape mfr woof first horse estimac?o c?o speyside malt Pet cats name regular dizzle gatto libation w/o number johnny walker persian alex name of school in Hawthorn Tony & Lou Drink new dog buro favourite drink college australia pyranees zelda pet's name first first single malt yummy beverage nom du chien nationality the usual Favorite Dog DTH favorite beverage favorite team log in pass trunek albert minus wendy Hund Same drink cinta magica Horse name Omi
  • 32. Adobe — Lessons Lack of salt causes one breached password to impact perhaps hundreds of accounts Password hints are evil Often easier to protect one key stored separately than a large database 32
  • 33. “Security” questions Also known as Knowledge-Based Authentication (KBA) Aren’t these just passwords with hints? Something you know, so KBA+password isn’t 2-factor Low entropy, likely to be reused on multiple sites Can’t be hashed if fuzzy matching is needed 33 “Pip” by Helen Haden is licensed under CC BY-NC 2.0 First pet?
  • 34. Case study: Ashley Madison Data breach, July 2015 Included cleartext answers to KBA questions Limited choice of questions, e.g., “What high school did you attend?" Popular answer, Central High School, was represented in many ways:
 central hi, Central HS, Central, etc. 34
  • 35. Beyond Passwords:
 2 Factor Authentication 35
  • 36. Look-up secrets Take many forms, often wallet cards or sheets of “recovery secrets” What you have is the piece of paper, card, etc. Advantage: inexpensive, easy to use for very occasional authentications Disadvantage: Limited number of authentications possible 36
  • 37. Out-of-band authenticators Out-of-band communication to confirm possession and control of “something you have” Can work in different ways: Authentication secret sent through separate channel to user, entered on primary channel Authentication secret sent on primary channel, sent by user on secondary User compares secrets on primary and secondary channels, confirms on secondary Requirements Uniquely addressable, separate from primary authentication channel Use good crypto (secondary channel isn’t necessarily TLS) Authenticate the OOB device securely 37
  • 38. SMS as OOB authenticator Plaintext SMS is very popular for OOB authentication, but isn’t very good Better than single-factor, but worse than most second factors Easy for attackers to get a target’s phone number reassigned to a device they control Need to accommodate users who change their phone numbers or phones Also: SS7 attacks, forwarding, smartphone malware Make sure the SMS doesn’t go to a VoIP number — wouldn’t establish possession of something Encrypted SMS (using secret stored in SIM) is OK Applies to PSTN voice as well 38
  • 39. OTP devices and apps Two types: time-based and usage-based At least 6 decimal digits of output (~20 bits entropy) Use throttling to foil guessing attacks Disadvantage: Verifier has to store the user’s RNG seed, this could be compromised (RSA Security breach, 2011) 39
  • 40. Cryptographic devices and software Take many forms: Smart cards USB devices NFC or other wireless connected devices Client certificate (software) Always directly connected to endpoint 40
  • 41. Cryptographic authenticators Implement a challenge-response protocol with the verifier Contain a secret, typically an asymmetric private key May implement strong man-in-the-middle resistance, discussed later 41
  • 42. Biometrics Not nearly as good as they’re often portrayed Zero-effort attacks: typically 1 in 1000 to 1 in 10,000 false accept rate False reject rate too, especially under adverse conditions They don’t work under all conditions Fingerprint with dirty or wet hands You leave biometrics everywhere Hard to revoke 42 “Wine at Sunset” by David McLeish is licensed under CC BY-SA 2.0
  • 43. Biometric modalities Physical Fingerprint Iris pattern, retina Face geometry Voice 43 Behavioral Typing cadence Walking gait For authentication, performance is the primary consideration
  • 44. Biometrics and measurement noise There is always measurement noise (dust, etc.) Threshold represents tradeoff between false match and false no-match Want low false match rate, but don’t want frustrated users Effort by impostor can move red graph to right, increasing P(FM) 44 [Figure: probability density against match quality for the correct user and an incorrect user, with a threshold separating P(false match) from P(false no-match)]
  • 45. Using biometrics effectively Bind biometrics tightly to a specific authenticated device Therefore always part of a multifactor authenticator Mitigates revocation problem (revoke the associated device) Impose a hard limit (10) on consecutive failed attempts Looser limit is OK if Presentation Attack Detection (PAD) is used Have a backup activation factor, e.g., memorized secret This addresses attempt lockout, poor conditions 45
  • 47. Throttling Primary defense mechanism for online attacks Example: Limit failed authentication attempts to 100 in 30-day period per account Consider using CAPTCHAs, delays, or IP whitelists when approaching the limit Consider use of risk-based or adaptive techniques for throttling Don’t over-throttle: can result in denial of service for legitimate user 47 “Revs Per Minute” by Michael Gil is licensed under CC BY 2.0
  • 48. Verifier impersonation resistance AKA “Phishing Resistance”, “Strong MITM Resistance” Goal: make it impossible for a man-in-the-middle to authenticate their own session Do not depend on the user to detect fraud Establishes a binding between the authentication and the TLS session it uses All VIR authenticators are cryptographic, but
 not all cryptographic authenticators are VIR Examples: client-authenticated TLS, FIDO 48
  • 49. Attestation If a user supplies their own authenticator, how do you know how strong it is? Attestation certificates describe the authenticator Avoid identifying a specific authenticator, if possible (privacy issue) Particularly important when user can access/manipulate information other than their own 49
  • 50. Verifier compromise resistance Extent to which a compromise of the verifier gives the attacker the ability to authenticate Generally determined by the authenticator type Public keys (most cryptographic authenticators) are considered VCR Symmetric keys (OTP verification) not VCR Passwords may or may not be, depending on how stored 50
  • 51. Replay resistance Extent to which authentication is immune to recording/replay attacks Resistant: Challenge/response protocols (with nonces), e.g. crypto authenticators OTP devices, look-up secrets Passwords are not replay resistant 51
  • 52. Authentication intent Goal: block access to directly-connected authenticators by malware Approaches: Hardware button (e.g., FIDO) Re-entry of PIN Reconnection of authenticator for each authentication 52
  • 53. Two-factor authenticator or two authenticators? 53
 Two-factor authenticator: Fewer authenticators to manage; Less centralized storage of activation secret
 Two authenticators: Easier to determine strength of BYO authenticators; Easier to throttle activation secret guesses (at verifier)
  • 55. Bibliography
 [Herley 2012] Herley, C., and P. Van Oorschot. 2012. “A Research Agenda Acknowledging the Persistence of Passwords.” IEEE Security & Privacy Magazine 10 (1): 28–36. https://doi.org/10.1109/MSP.2011.150.
 [Florencio 2014] Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. 2014. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November. http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
 [Grassi 2017] Grassi, Paul A, James L Fenton, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, et al. 2017. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST SP 800-63b. Gaithersburg, MD: National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b.
 [Habib 2017] Habib, Hana, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Cranor. 2017. “Password Creation in the Presence of Blacklists.” In Proceedings 2017 Workshop on Usable Security. San Diego, CA: Internet Society. https://doi.org/10.14722/usec.2017.23043.
 Apple, Inc. “Face ID Security”, November, 2017. https://www.apple.com/business/site/docs/FaceID_Security_Guide.pdf.
 55
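The acceptance rules from slides 11 to 20 (length, spaces, character set, blocklist, and the "BadPassword1" second pick) combined into one verifier-side check. This is an added example, not code from the talk; the tiny blocklist is constructed, and the 256-code-point ceiling and the suffix-stripping rule are assumptions of this sketch.

```python
import re
import unicodedata

MIN_LENGTH = 8      # slide 12: ~8 characters suffice against throttled online guessing
MAX_LENGTH = 256    # assumption: any ceiling of 64 or more fits slide 13

# Constructed sample; slide 20 suggests roughly 100,000 entries in practice.
BLOCKLIST = frozenset({"password", "qwertyui", "badpassword", "12345678", "letmein1"})


def normalize(entry: str) -> str:
    """Collapse runs of spaces to a single space (slide 14)."""
    return re.sub(r" {2,}", " ", entry)


def _stem(entry: str) -> str:
    """Drop trailing digits and punctuation so 'BadPassword1' maps to 'badpassword'."""
    return re.sub(r"[\d\W_]+$", "", entry.casefold())


def check_password(entry: str) -> tuple:
    """Return (accepted, reason) for a proposed memorized secret."""
    candidate = normalize(entry)
    length = len(candidate)  # Python counts code points, so one emoji counts as 1
    if length < MIN_LENGTH:
        return (False, "too short")
    if length > MAX_LENGTH:
        return (False, "too long")
    # No composition rules (slide 17): only control characters are refused.
    if any(unicodedata.category(ch) == "Cc" for ch in candidate):
        return (False, "control character")
    if candidate.casefold() in BLOCKLIST:
        return (False, "on blocklist")
    # Slide 20's warning: the second pick is often the first one plus "1" or "!".
    if _stem(candidate) in BLOCKLIST:
        return (False, "blocklist entry plus suffix")
    return (True, "ok")


if __name__ == "__main__":
    for sample in ["BadPassword", "BadPassword1", "correct  horse   battery",
                   "\U0001F63A" * 8, "short"]:
        print(repr(sample), check_password(sample))
```

The rejection reason is what turns a blocklist hit into the "teaching opportunity" of slide 19, so it should be shown to the user rather than collapsed into a generic error.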
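The storage progression of slides 24 to 28 in runnable form: unsalted SHA-256 exposes shared passwords (the Adobe problem on slide 30), while a per-user salt, an iteration count and a supplemental keyed hash remove that signal and make a stolen record useless without the key. This is an added example, not code from the talk or from jimfenton/rehash; the record label `pbkdf2_sha256_hmac`, the iteration bound and the sample passwords are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import secrets
from collections import Counter

ITERATIONS = 30000             # iteration count shown in slide 26's example
LABEL = "pbkdf2_sha256_hmac"   # hypothetical label for this sketch's scheme
MAX_ITERATIONS = 10_000_000    # assumed bound so a corrupt record cannot stall the verifier


def unsalted(password: str) -> str:
    """Slide 24's simplistic approach: sha256(password), no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def shared_values(stored: list) -> int:
    """Count stored values that are held by more than one account."""
    return sum(1 for n in Counter(stored).values() if n > 1)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _derive(password: str, salt: bytes, iterations: int, key: bytes) -> bytes:
    # Iterated, salted hash (slide 26) followed by a keyed hash (slide 28).
    slow = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.new(key, slow, hashlib.sha256).digest()


def make_record(password: str, key: bytes, iterations: int = ITERATIONS) -> str:
    """Build 'algorithm$iterations$salt$hash', the field layout shown on slide 26."""
    salt = secrets.token_bytes(16)  # fresh random salt per credential (slide 25)
    digest = _derive(password, salt, iterations, key)
    return "$".join([LABEL, str(iterations), _b64(salt), _b64(digest)])


def verify(password: str, record: str, key: bytes) -> bool:
    """Recompute the hash from the stored parameters; malformed records fail closed."""
    try:
        label, count, salt_b64, hash_b64 = record.split("$")
        iterations = int(count)
        if label != LABEL or not 1 <= iterations <= MAX_ITERATIONS:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:
        return False
    candidate = _derive(password, salt, iterations, key)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept apart from the database, e.g. in an HSM
    chosen = ["tape and whisky", "tape and whisky", "first horse"]  # constructed
    print("unsalted values shared:", shared_values([unsalted(p) for p in chosen]))
    records = [make_record(p, key) for p in chosen]
    print("salted records shared: ", shared_values(records))
    print("verifies with key:     ", verify(chosen[0], records[0], key))
    print("verifies with wrong key:", verify(chosen[0], records[0], b"\x00" * 32))
```

PBKDF2 is used here because it is in the Python standard library; slide 27's point about memory-hard algorithms still applies, and the keyed step works the same way on top of one.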
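Slide 47's throttling rule (100 failed attempts per account in a 30-day period, with a softer response when approaching the limit) as a sliding-window counter. This is an added example, not code from the talk; the class name, the 80% challenge threshold and the choice not to reset the count on success are assumptions of this sketch.

```python
import time
from collections import deque

THIRTY_DAYS = 30 * 24 * 3600


class FailureThrottle:
    """Per-account sliding window over failed authentication attempts."""

    def __init__(self, limit=100, window=THIRTY_DAYS, challenge_at=0.8):
        self.limit = limit
        self.window = window
        # From this many failures on, ask for a CAPTCHA or add a delay.
        self.challenge_from = int(limit * challenge_at)
        self._failures = {}  # account -> deque of failure timestamps

    def failures(self, account, now):
        """Failures still inside the window; expired entries are dropped."""
        queue = self._failures.get(account)
        if queue is None:
            return 0
        while queue and queue[0] <= now - self.window:
            queue.popleft()
        if not queue:
            del self._failures[account]  # keep memory bounded for idle accounts
            return 0
        return len(queue)

    def decision(self, account, now):
        """'allow', 'challenge' (approaching the limit) or 'block'."""
        count = self.failures(account, now)
        if count >= self.limit:
            return "block"
        if count >= self.challenge_from:
            return "challenge"
        return "allow"

    def attempt(self, account, check, now=None):
        """Run check() unless the account is blocked; record a failure if it fails.

        check is a zero-argument callable doing the real credential comparison.
        It is not called while blocked, so a blocked account gives no answers.
        """
        now = time.time() if now is None else now
        if self.decision(account, now) == "block":
            return "blocked"
        if check():
            return "ok"  # assumption: success does not erase earlier failures
        self._failures.setdefault(account, deque()).append(now)
        return "failed"


if __name__ == "__main__":
    throttle = FailureThrottle()
    for second in range(100):
        throttle.attempt("alice", lambda: False, now=second)
    print(throttle.decision("alice", now=100))                      # block
    print(throttle.attempt("alice", lambda: True, now=100))         # blocked
    print(throttle.decision("alice", now=THIRTY_DAYS + 100))        # allow
```

The second printed line is the over-throttling risk the slide warns about: once the limit is hit, the legitimate user's correct password is refused too, which is why the challenge stage comes first.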