Access Control

We all have been used to passwords. we have used them for our log-ins, emails etc. The passwords are primarily used for access control to your files. But did you know that there are also other methods available for access control. Just read on.

Single-use passwords. Having passwords which are only valid once makes many potential attacks ineffective. Most users find single use passwords extremely inconvenient. They have, however, been widely implemented in personal online banking, where they are known as TANs. As most home users only perform a small number of transactions each week, the single use issue has not led to intolerable customer dissatisfaction in this case.

Security tokens are similar in some ways to single-use passwords, but the value to be entered is displayed on a small (generally pocketable) item and changes every minute or so.

Access controls based on public key cryptography e.g. Secure Shell. The necessary keys are usually too large to memorize (but see proposal Passmaze) and must be stored on a local computer, security token or portable memory device, such as a flash disk or floppy disk.

Biometric methods promise authentication based on unalterable personal characteristics, but currently (2008) have high error rates and require additional hardware to scan, for example, fingerprints, irises, etc. They have proven easy to spoof in some famous incidents testing commercially available systems, for example, the gummie fingerprint spoof demonstration,[10] and, because these characteristics are unalterable, they cannot be changed if compromised; this is a highly important consideration in access control as a compromised access token is necessarily insecure.

Single sign-on technology is claimed to eliminate the need for having multiple passwords. Such schemes do not relieve user and administrators from choosing reasonable single passwords, nor system designers or administrators from ensuring that private access control information passed among systems enabling single sign-on is secure against attack. As yet, no satisfactory standard has been developed.

Envaulting technology is a password-free way to secure data on e.g. removable storage devices such as flash drives. Instead of user passwords, access control is based on the user's access to a network resource.

Non-text-based passwords, such as graphical passwords or mouse-movement based passwords. Another system requires users to select a series of faces as a password, utilizing the human brain's ability to recall faces easily.. So far, these are promising, but are not widely used.

Graphical passwords are an alternative means of authentication for log-in intended to be used in place of conventional password; they use images instead of text. In some implementations the user is required to pick from a series of images in the correct sequence in order to gain access. While some believe that graphical passwords would be harder to crack, others suggest that people will be just as likely to pick common images or sequences as they are to pick common passwords.

2D Key (2-Dimensional Key) is a 2D matrix-like key input method having the key styles of multiline passphrase, crossword, ASCII/Unicode art, with optional textual semantic noises, to create big password/key beyond 128 bits to realize the MePKC (Memorizable Public-Key Cryptography) using fully memorizable private key upon the current private key management technologies like encrypted private key, split private key, and roaming private key.

Source: Wikipedia

Mohan Rao.

With coarse rice to eat, with water to drink, and my bended arm for a pillow - I have still joy in the midst of these things. Riches and honors acquired by unrighteousness are to me as a floating cloud. - Confucius