An Analysis of the Alternatives to Traditional Static Alphanumeric Passwords
Mahmoud Abaza and Brent Hunter
School of Computing and Information Systems, Athabasca University
mahmouda@athabascau.ca

Alphanumeric Passwords: easy to implement, easy to use, and versatile.

Weakness of Alphanumeric Passwords: users use weak passwords.

Example ideas to overcome weakness of Alphanumeric Passwords:
• password haystacks system (Gibson)
• system of using 4 or more unrelated dictionary words (Munroe)
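
As an added illustration (not from the original slides), the sketch below compares the brute-force search space that the two ideas above aim to enlarge: a haystack-style count over the character classes a password uses, and a passphrase of words drawn at random from a list. The class sizes (26/26/10/33), the 2048-word list and the sample passwords are assumptions made for this example.

```python
import math
import string

# Assumed printable-ASCII classes: 26 lower, 26 upper, 10 digits, 33 symbols (incl. space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}

def alphabet_size(password: str) -> int:
    """Sum the sizes of every character class the password draws from."""
    return sum(len(m) for m in CLASSES.values() if any(ch in m for ch in password))

def haystack_space(password: str) -> int:
    """Count all strings over that alphabet with length 1..len(password)."""
    if not password:
        raise ValueError("empty password")
    if any(all(ch not in m for m in CLASSES.values()) for ch in password):
        raise ValueError("character outside the assumed classes")
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def passphrase_space(wordlist_size: int, words: int) -> int:
    """Count passphrases of `words` words chosen uniformly at random."""
    if wordlist_size < 2 or words < 1:
        raise ValueError("need a word list and at least one word")
    return wordlist_size ** words

def bits(space: int) -> float:
    """Express a search-space size as bits (log2)."""
    return math.log2(space)

if __name__ == "__main__":
    # Constructed samples: a common word, a short mixed password, the same padded.
    for pw in ["password", "D0g!", "D0g!" + "." * 20]:
        print(f"{pw!r:30} alphabet={alphabet_size(pw):3} "
              f"bits={bits(haystack_space(pw)):6.1f}")
    print(f"{'4 random words of 2048':30} bits={bits(passphrase_space(2048, 4)):6.1f}")
    # Caveat: these counts describe blind brute force only. A dictionary word,
    # a guessable padding pattern, or words the user picked rather than drew
    # at random are found far sooner than the bit count suggests.
```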

An average person may have to log in to 8 or more systems over the course of a day, and will probably use the same password for more than one of them.

• Enhancements for traditional alphanumeric passwords.
• Replacements for traditional alphanumeric passwords.

Enhancements for traditional alphanumeric passwords:
• enhanced password creation mechanisms
• password storage and management systems
• single sign-on systems
• secondary identity verification

Replacements for traditional alphanumeric passwords:
• one-time password systems
• token-based and tokenless (email, SMS)
• certificate-based
• biometrics

Enhancements for traditional alphanumeric passwords & replacements for traditional alphanumeric passwords:
• How easy to use
• How easy to implement
• How secure
• How versatile

Replacement: One-time password
• Not easy to use (requires a token)
• Not easy to implement (requires back-end authentication infrastructure)
• Not easy to share

Replacement: Certificate-based (smart cards and computer certificate)
• Not easy to use (requires a smart card)
• Significantly more overhead
• Less versatile (requires a reader)

Replacement: Biometrics
• Difficult to implement (requires hardware and software at endpoints)
• Once forged, it is not easy to re-issue
• False negatives
• Not versatile (requires additional hardware)

Replacement: Non-alphanumeric
• Graphical passwords are not easy to enter
• More difficult to implement (many require backend authentication)
• Most require an agent installed on each machine
• Other such difficulties

Enhancement: Password creation mechanism
• Algorithms to derive passwords (slower)
• Not friendly

Enhancement: Password storage and management
• Single point of failure
• Difficult to use (requires a form filler on the user's side)
• More difficult to implement
• Needs updating

Enhancement: Single sign-on
• Single point of failure
• Requires additional administrative work
• Not versatile (systems must provide a single sign-on standard)

Properly picked traditional alphanumeric passwords currently work better than any of the other available options?

CONCLUSION
Properly picked traditional alphanumeric passwords currently work better than any of the other available options?
