Comparing passwords, tokens, and biometrics for user authentication

  • Lawrence O'Gorman
  • Published 1 December 2003
  • Computer Science
  • Proceedings of the IEEE
For decades, the password has been the standard means for user authentication on computers. [...] Examples of authenticator combinations and protocols are described to show tradeoffs and solutions that meet chosen, practical requirements. The paper endeavors to offer a comprehensive picture of user authentication solutions for the purposes of evaluating options for use and identifying deficiencies requiring further research.
Proficient Implementation of oPass Client Authentication Protocol
The identity of the user will be authenticated through a cellular phone, which is used to generate a one-time session password and then transmit the encrypted message through short message service, and a more profound client verification is performed without uncovering the watchword to the untrusted PCs.
Password based authentication: Philosophical survey
This paper gives authentication credential to various techniques which are used in password based authentication and gives the techniques for prevention of password attacks.
State based authentication
A novel technique is presented that uses a State Based Authentication method to significantly increase the cost of brute-force and dictionary attacks on passwords and has the potential to reduce the cost of password helpdesk significantly by eliminating the need of most password-reset requests.
Query-directed passwords
A Secure and Practical Authentication Scheme Using Personal Devices
This paper proposes an efficient and practical user authentication scheme using personal devices that utilize different cryptographic primitives, such as encryption, digital signature, and hashing that not only is secure against password-related attacks, but also can resist replay attacks, shoulder-surfing attacks, phishing attacks, and data breach incidents.
Secure Password Management With Smart Cards
A password manager based on smart cards where the passwords are securely stored inside the smart card and can only be accessed after mutual authentication, eliminating the problem of brute force attacks.
A Novel Method for Graphical Password Mechanism
This paper describes and examines usability and security of graphical password mechanism for authentication using graphical passwords, describes characteristics for security and performed empirical study comparing Graphical password mechanism with Biometric passwords and alphanumeric password.
Fingerprint based authentication system with keystroke dynamics for realistic user
This work presents a novel approach for user authentication based on fingerprint and the keystroke dynamics of the password entry, which is a multimodal biometrics authentication system.
Active One-Time Password Mechanism for User Authentication
This manuscript proposes an active one-time password (AOTP) mechanism for user authentication to overcome two abovementioned problems, password stealing and reuse, utilizing cellphone and short message service and gives some comparison tables to present that the proposed mechanism is better than other similar works.
Protecting password piracy using authentication protocol
An authentication protocol is proposed which requires a user's cellphone, an untrusted system, a telecommunication provider and a web server and here users have to remember only a long-term password for login to all websites.


Authentication: From Passwords to Public Keys
The first of its kind, Authentication describes the entire range of authentication methods used today, and examines situations in which certain techniques fail and points out ways to strengthen them.
Enhancing security and privacy in biometrics-based authentication systems
The inherent strengths of biometrics-based authentication are outlined, the weak links in systems employing biometric authentication are identified, and new solutions for eliminating these weak links are presented.
The Secure Remote Password Protocol
This new protocol combines techniques of zero-knowledge proofs with asymmetric key exchange protocols and has significantly improved performance over comparably strong extended methods that resist stolen-verifier attacks such as Augmented EKE or B-SPEKE.
UNIX Password Security - Ten Years Later
It is concluded that the single most important step that can be taken to improve password security is to increase password entropy.
A survey of password mechanisms: Weaknesses and potential improvements. Part 2
Authentication and Supervision: A Survey of User Attitudes
Protecting Poorly Chosen Secrets from Guessing Attacks
The basic idea is to ensure that data available to the attacker is sufficiently unpredictable to prevent an offline verification of whether a guess is successful or not and to examine protocols to detect vulnerabilities to such attacks.
Encrypted key exchange: password-based protocols secure against dictionary attacks
  • S. Bellovin, Michael Merritt
  • Computer Science, Mathematics
    Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1992
A combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network is introduced.
Improving system security via proactive password checking