15-02-2013, 02:21 PM
Automated Password Generator
Abstract
User authentication in computer systems has been a
cornerstone of computer security for decades. The
concept of a user id and password is a cost-effective
and efficient method of maintaining a shared secret
between a user and a computer system. One of the key
elements in the password solution for security is a
reliance on human cognitive ability to remember the
shared secret. In early computing days with only a few
computer systems and a small select group of users,
this model proved effective.
With the advent of the Internet, e-commerce, and
the proliferation of PCs in offices and schools, the user
base has grown both in number and in demographic
base. Individual users no longer have single
passwords for single systems, but are presented with
the challenge of remembering numerous passwords for
numerous systems, from email, to web accounts, to
banking and financial services. This paper presents a
conceptual model depicting how users and systems
work together in this function and examines the
consequences of the expanding user base and the use
of password memory aids.
A system model of the risks associated with
password-based authentication is presented from a
user-centric point of view, including the construct of
user password memory aids. When confronted with
too much data to remember, users will develop
memory aids to assist them in the task of remembering
important pieces of information. These user password
memory aids form a bridge between otherwise
unconnected systems and have an effect on system-level
security across multiple systems interconnected by the
user. A preliminary analysis of the implications of this
user-centric interconnection of security models is
presented.
Introduction
The concept of a user id and password is a cost-effective
and efficient method of maintaining a shared
secret between a user and a computer system.
Identifying a user is essential for the application of
security in the form of permissions to various objects,
processes and access to resources. User authentication
in computer systems based on passwords has been a
cornerstone of computer security for decades. The
authentication process is embedded in many systems,
in many different variations. In each case, one
common aspect is the focus on mapping authentication
data to specific authorized users for a specific
application. And this central focus, the mapping, is
designed from the perspective of the specific system or
application, encompassing its set of valid users.
Implementing password-based user authentication
from an application point of view rested on a
valid assumption when there were only a few
applications compared to the number of users. Today,
with the rise of the Internet and a push for ubiquitous
computing, this assumption of a low application count
per user no longer holds. Users have multiple
accounts on multiple systems. Users must
remember multiple IDs and multiple passwords for the
wide range of computer-based services they use. This
has placed a strain on user memory, and users have
developed memory aids, such as password lists, to
assist them in the task of keeping accounts and
passwords straight.