Overview
Password Authentication is known to have many vulnerabilities, but do we have any real alternatives?
What is Wrong with Passwords
Password Management is typically the methodology implemented in large organizations to deal with password issues.
Password Management Methodologies shows an overview of password management methods.
Password Statistics shows some details on how bad password usage is.
Password Strength shows some tips on making passwords difficult to hack.
passwords and Password-based Authentication Methods.
There is no way to know if the password has been stolen until it is used against you.
What are the alternatives?
There are three basic alternatives to passwords available.
Reusable passwords to One-Time password
Many token type systems (e.g. RSA SecurID)
Multi-Factor Authentication that typically requires the token and a PIN
- Many on the market.
- Easy to integrate into existing systems.
- Typically used in VPNs (RADIUS type systems)
- Users understand the systems
- Any machine or device may be used.
- Single vendor commitment as no cross vendor standards.
- Requires software be utilized to accommodate.
- Very Strong
- Cross vendor standards do exist
- Not portable as each device must be able to read the certificate.
- Storage of cert is a problem, must be securely handled
- Users do not understand
- Difficult to Implement
- Requires software be utilized to accommodate.
- Very Strong
- Users do understand