Password Strength Is Not Password Security Essay

1954 Words Jun 7th, 2016 8 Pages
Password Strength is not Password Security
Kevin Marino
November 11, 2013

MSCC697, Regis University

Professor Garcia

Password Strength is not Password Security When password security becomes the topic of conversation it generally focuses on how strong a password is and whether or not the user reuses a password across multiple sites. While these aspects can affect password security, there are certain measures that the server side of the authentication process can implement to increase security without the user changing their habits. This approach would solve many of the security problems that authentication servers are facing. The goal of this study is to determine a set of best practices
…show more content…
Xiong, Jianwei, Muhammad, and Junguo (2013) offer a scheme to for smart card based authentication that is secure and very user friendly, however this study doesn't account for the lack of smart card readers on client systems. These solutions require that user hardware be modified and the current authenticating scheme within the server be changed to accommodate these new technologies. The problem at hand is how to make minimal adjustments on the server side of the authentication process to allow clients the use of easy to remember, non-random, passwords considered weak by today's standards while also increasing the the security of the authentication process. The purpose of this research is to provide best practices regarding password security, that if adopted by authenticating entities, will allow their clients to use easy to remember passwords while decreasing the risk of compromise of the client's account. There are a number of best practices with regard to password security on the client side, which studies have shown that most users rarely implement. One of these best practices is the use of unique passwords between multiple sites (Duggan, Johnson, & Grawemeyer, 2012; Campbell, Ma, & Kleeman, 2011; Brown, Bracken, Zoccoli, & Douglas, 2004), which may be the most ignored practice by users. Brown et al. (2004) estimates that two thirds of passwords are used across multiple accounts. These studies all show the bad

Related Documents