SlideShare a Scribd company logo

User Authentication: Passwords and Beyond

Jim Fenton
Jim Fenton

Presentation on user authentication given at Czech Technical University in Prague on 25 March 2019

Technology
1 of 55
Download to read offline
User Authentication:
 Passwords and Beyond Jim Fenton @jimfenton 1 Czech Technical University in Prague
 25 March 2019
Just a little about me… Consultant (2013-present) Authentication standards: NIST SP 800-63-3 IETF: REQUIRETLS email security proposal CSO at OneID (2011-2013) Authentication startup Distinguished Engineer at Cisco (-2011) Various things including DKIM email signatures 2
Disclaimer I’m a consultant for the US National Institute of Standards and Technology Worked on the SP 800-63-3 update Currently working on errata, guidance for US agencies Everything here is my own (hopefully informed) opinion I don’t speak for NIST! Please contact NIST if you need an official answer 3
Guiding principles Emphasize user experience People cheat when things are not user-friendly Have realistic security expectations Many things need 2-factor authentication Burden the verifier rather than user wherever possible Don’t ask the user to do things that don’t significantly improve security Remember that the goal is to help real users authenticate, not just stop bad actors 4 “Guiding Principles” by Ford-Foundation is licensed under CC BY-ND 2.0
Who are the Users? Everybody: Non-English speakers Homeless people Disabled veterans Hospital patients Physicians Elderly Students Usability needs to consider all of these 5 Photo by Rob Curran on Unsplash
What’s a password? 6 Passphrase Something you know PIN Memorized Secret “Exercise Plays Vital Role Maintaining Brain Health” by A Health Blog is licensed under CC BY-SA 2.0 Passcode
Attacks Online Various types of guessing Offline Attacks on the verifier Side channel Shoulder surfing and more sophisticated attacks Both targeted (e.g., spearphishing) and bulk: very different goals 7 “Under attack!” by Noel Reynolds is licensed under CC BY 2.0
Online attacks Guessing the password Brute force attacks Password stuffing (passwords this user uses elsewhere) Common defenses Throttling (more on this later) Password reuse avoidance (education primarily) Prohibition of very common passwords 8 “On the Air” by Thomas Hawk is licensed under CC BY-NC 2.0
Offline attacks Reversing password hashes (cracking) More efficient with time: Moore’s Law Benefits from cryptocurrency mining technology, GPUs, etc. Defenses Time- and memory-hard hash algorithms Supplemental keyed hashing Protecting hashes better! Generally harder to defend against than online 9
Side channels Obtaining the password through leakage Shoulder surfing Key loggers and other malware Acoustic, key wear, and similar analysis Electromagnetic (TEMPEST), timing, and power drain analysis 10 “shoulder surfing” by Anne Petersen is licensed under CC BY-NC-ND 2.0
Password length Increasing length is the most reliable way of strengthening a password So just require very long passwords? No. Have a rationale for length requirements Don’t drive users to Post-It® notes 11
What are you defending against? ~8 character passwords are effective against online attacks (with reasonable throttling) But it takes more than twice as many characters to provide similar protection against offline attacks 12 Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November 2014.
 http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
Maximum length Don’t limit users’ ability to use long (secure!)
 passwords! Suggest accepting 64 characters or more Rationale: Give users maximum flexibility to choose a memorable pass phrase 64 characters fit on many screens “measuring tape” by areta ekarafi is licensed under CC BY-NC-ND 2.0 13
Space characters Spaces are natural to type in passphrases:
 Allow them! Consider normalizing multiple consecutive spaces to one UI concern: inadvertent typing multiple spaces is hard to see Space characters themselves don’t add much entropy (This is controversial) “the burning of the midnight oil” by Robert S. Donovan is licensed under CC BY-NC 2.0 14
Character set Give users maximum flexibility to choose
 passwords in their native language Accept all printable ASCII characters Accept Unicode, including emojis (1 “character”/code point) 😺 Rationale: Site-specific constraints on special characters have been a UX nightmare Verifier needs to hash the entry anyway, so SQL injection shouldn’t be a concern “Lead Type (melting in the oven of your mind)” by jm3 on Flickr is licensed under CC BY-SA 2.0 15
Hints and prompts tl;dr: Don’t do it! Hints (user-chosen) Users sometimes choose hints like “Password is qwertyui” Need to be stored in the clear or reversibly encrypted to be displayable to the user Prompts (site-chosen) Typically take the form of “security questions” Answers often shared between different services (e.g., first pet) 16 “whisper” by ElizaC3 is licensed under CC BY 2.0
Composition rules Rules specifying what character classes
 must be in passwords Avoid using them: UX nightmare Don’t provide as much value as originally thought May not be applicable in other languages Use a blocklist dictionary instead 17 “Are you freaking INSANE????” by Paige Saez is licensed under CC BY-NC 2.0
Dictionaries: questions How big should the dictionary be? Too small: ineffective Too big: bad user experience (like composition rules, but less transparent) Will users act predictibly when asked to pick a different password? Users might just append something like 1 or ! If so, the dictionary is a great resource for offline cracking 18 “Dictionary” by Caleb Roenigk is licensed under CC BY 2.0
What if someone picks a bad password? If a user picks a password that’s in the dictionary, this is a teaching opportunity 😀 CMU has done some research on this [Habib 2017] Password strength meter might help user pick something stronger 19
Dictionaries: takeaways It’s pretty simple to build a reasonable dictionary Dictionary with size of ~100,000 entries is probably good - but need to test But watch out for that second password pick BadPassword -> BadPassword1 ??? 😰 20
Displaying passwords Much of the time, users aren’t subject to
 shoulder-surfing attacks Consider offering option to display the password rather than dots or asterisks But rehide after some period of time Displaying the password when not likely to be observed helps typing accuracy, and therefore improves user experience 21
Password expiration Don’t require users to change passwords arbitrarily
 (e.g., periodically) If users know their password will be only temporary: They won’t invest the effort in choosing and learning a complex one They’ll pick something similar to the old password But do require change if there is evidence of compromise Have a way to do this, if/when needed. 22 “parking_meter.JPG” by Paul Vladuchick is licensed under CC BY-NC-ND 2.0
Designing password verifiers 23
Hashing Goal: Make it hard for someone who compromises the verifier to learn the password(s) Simplistic approach: Store sha256(password) But: Attacker could try lots of passwords and see what matches But also: Attacker can easily see if two users have same password 24
Salting Addresses uniqueness of hash for a given password At password establishment, choose a random value (“salt”) Store salt, sha256(password || salt) Foils look-up tables (or makes them very big), duplicate searches But: it’s still really fast. Attacker can just guess 25
Iterated hashing Goal: make guessing more expensive for the attacker Store salt, iteration count “n”, pbkdf2(password || salt, n). But: pbkdf2 runs well in graphics processors, doesn’t require much memory Benefits from technology developed for cryptocurrency mining Example: pbkdf2_sha256$30000$Da4AnjGEyPCK$WjRjDzeJTaFzLzDWXV0av0Z5jE7o8mDFEfP9cPvQ9 BQ= Algorithm $ Iteration count $ salt (base64) $ hash (base64) 26
Time and memory hardening Good algorithms for password hashing are: Slow - requires processor resources (“time hard”) Memory consumptive - requires memory resources (“memory hard”) Attackers have access to great CPU resources, specialized hardware Popular algorithm: bcrypt 27
Keyed hashing Supplemental hash with key stored separately Generally best to do hashing in separate processor Could be a hardware device (HSM) for best security If key doesn’t leak, hash can’t be cracked! Simple example: GitHub jimfenton/rehash 28
Case study: Adobe® Reported October, 2013 130,325,129 records containing: Email address Encrypted password (not salted) Password hint (not encrypted) 56,044,956 distinct encrypted passwords (many duplicates) 29
Adobe Problems: Passwords used by multiple people have the same stored value Correlation of hints is possible — this is actually a fun game! Email address facilitates credential stuffing on other services Successes: Encryption key apparently not breached (but who can be sure?) Cracking of hashes not possible because of key 30
The Adobe game 31 0agIJWqXa2Y= (697 records, 276 hints, 152 distinct hints) chugalug same beverage kitty drink uncle drunk - chien Glenlivet drunk booze whiskey horse tape sweet andrews son p male cat liqour What's my dog's name? cat whos ur dawg bunny Border Collie your favourite liquor doggy dog tapes reuse mu dog normal sticky & plaid black label favorite drink geknipst my dog puppy! alcohol aged 25 years whisky school attaccare friendf ehhhhhhhh dimple dogs scortcher pets name ura Irish Setter First Dog fave horse golden normal one carpetCleaner favorite liquor john's password mon chien hi priced liquor gina minou tape? my dogs name what i drink usual its the same ol brand boycatname same as always lijm Better than Cats plakband Dog On Habbo on the rocks college bant Dewers Name of Dog drink and tape Fav. Disney 1 ????????? Cutts nickname for me scotland tacataca ZK a good drink favourite cat publish cat name scotc sc SVR cats first name little one montreal ???? drotch liquor cat's name yellow snake me short Dog's name? mom's dog lenrelax partner puppy FPIS Favorite favorite drink haha loly land down in my belly highland vid tape mfr woof first horse estimac?o c?o speyside malt Pet cats name regular dizzle gatto libation w/o number johnny walker persian alex name of school in Hawthorn Tony & Lou Drink new dog buro favourite drink college australia pyranees zelda pet's name first first single malt yummy beverage nom du chien nationality the usual Favorite Dog DTH favorite beverage favorite team log in pass trunek albert minus wendy Hund Same drink cinta magica Horse name Omi
Adobe — Lessons Lack of salt causes one breached password to impact perhaps hundreds of accounts Password hints are evil Often easier to protect one key stored separately than a large database 32
“Security” questions Also known as Knowledge-Based Authentication (KBA) Aren’t these just passwords with hints? Something you know, so KBA+password isn’t 2-factor Low entropy, likely to be reused on multiple sites Can’t be hashed if fuzzy matching is needed 33 “Pip” by Helen Haden is licensed under CC BY-NC 2.0 First pet?
Case study: Ashley Madison Data breach, July 2015 Included cleartext answers to KBA questions Limited choice of questions, e.g., “What high school did you attend?" Popular answer, Central High School, was represented in many ways:
 central hi, Central HS, Central, etc. 34
Beyond Passwords:
 2 Factor Authentication 35
Look-up secrets Take many forms, often wallet cards or sheets of “recovery secrets” What you have is the piece of paper, card, etc. Advantage: inexpensive, easy to use for very occasional authentications Disadvantage: Limited number of authentications possible 36
Out-of-band authenticators Out-of-band communication to confirm possession and control of “something you have” Can work in different ways: Authentication secret sent through separate channel to user, entered on primary channel Authentication secret sent on primary channel, sent by user on secondary User compares secrets on primary and secondary channels, confirms on secondary Requirements Uniquely addressable, separate from primary authentication channel Use good crypto (secondary channel isn’t necessarily TLS) Authenticate the OOB device securely 37
SMS as OOB authenticator Plaintext SMS is very popular for OOB authentication, but isn’t very good Better than single-factor, but worse than most second factors Easy for attackers to get a target’s phone number reassigned to a device they control Need to accommodate users who change their phone numbers or phones Also: SS7 attacks, forwarding, smartphone malware Make sure the SMS doesn’t go to a VoIP number — wouldn’t establish possession of something Encrypted SMS (using secret stored in SIM) is OK Applies to PSTN voice as well 38
OTP devices and apps Two types: time-based and usage-based At least 6 decimal digits of output (~20 bits entropy) Use throttling to foil guessing attacks Disadvantage: Verifier has to store the user’s RNG seed, this could be compromised (RSA Security breach, 2011) 39
Cryptographic devices and software Take many forms: Smart cards USB devices NFC or other wireless connected devices Client certificate (software) Always directly connected to endpoint 40
Cryptographic authenticators Implement a challenge-response protocol with the verifier Contain a secret, typically an asymmetric private key May implement strong man-in-the-middle resistance, discussed later 41
Biometrics Not nearly as good as they’re often portrayed Zero-effort attacks: typically 1 in 1000 to 1 in 10,000 false accept rate False reject rate too, especially under adverse conditions They don’t work under all conditions Fingerprint with dirty or wet hands You leave biometrics everywhere Hard to revoke 42 “Wine at Sunset” by David McLeish is licensed under CC BY-SA 2.0
Biometric modalities Physical Fingerprint Iris pattern, retina Face geometry Voice 43 Behavioral Typing cadence Walking gait For authentication, performance is the primary consideration
Biometrics and measurement noise There is always measurement noise (dust, etc.) Threshold represents tradeoff between false match and false no-match Want low false match rate, but don’t want frustrated users Effort by impostor can move red graph to right, increasing P(FM) 44 Threshold P(false match)P(false no-match) Match quality Probabilitydensity Correct userIncorrect user
Using biometrics effectively Bind biometrics tightly to a specific authenticated device Therefore always part of a multifactor authenticator Mitigates revocation problem (revoke the associated device) Impose a hard limit (10) consecutive failed attempts Looser limit is OK if Presentation Attack Detection (PAD) used Have a backup activation factor, e.g., memorized secret This addresses attempt lockout, poor conditions 45
Common Considerations 46
Throttling Primary defense mechanism for online attacks Example: Limit failed authentication attempts to 100 in 30-day period per account Consider using CAPTCHAs, delays, or IP whitelists when approaching the limit Consider use of risk-based or adaptive techniques for throttling Don’t over-throttle: can result in denial of service for legitimate user 47 “Revs Per Minute” by Michael Gil is licensed under CC BY 2.0
Verifier impersonation resistance AKA “Phishing Resistance”, “Strong MITM Resistance” Goal: make it impossible for a man-in-the-middle to authenticate their own session Do not depend on the user to detect fraud Establishes a binding between the authentication and the TLS session it uses All VIR authenticators are cryptographic, but
 not all cryptographic authenticators are VIR Examples: client-authenticated TLS, FIDO 48
Attestation If a user supplies their own authenticator, how do you know how strong it is? Attestation certificates describe the authenticator Avoid identifying a specific authenticator, if possible (privacy issue) Particularly important when user can access/manipulate information other than their own 49
Verifier compromise resistance Extent to which a compromise of the verifier gives the attacker the ability to authenticate Generally determined by the authenticator type Public keys (most cryptographic authenticators) are considered VCR Symmetric keys (OTP verification) not VCR Passwords may or may not be, depending on how stored 50
Replay resistance Extent to which authentication is immune to recording/replay attacks Resistant: Challenge/response protocols (with nonces), e.g. crypto authenticators OTP devices, look-up secrets Passwords are not replay resistant 51
Authentication intent Goal: block access to directly-connected authenticators by malware Approaches: Hardware button (e.g., FIDO) Re-entry of PIN Reconnection of authenticator for each authentication 52
Two-factor authenticator or two authenticators? 53 Two-factor authenticator Two authenticators Fewer authenticators to manage Easier to determine strength of BYO authenticators Less centralized storage of activation secret Easier to throttle activation secret guesses
 (at verifier)
Questions? 54
Bibliography [Herley 2012] Herley, C., and P. Van Oorschot. 2012. “A Research Agenda Acknowledging the Persistence of Passwords.” IEEE Security & Privacy Magazine 10 (1): 28–36. https://doi.org/10.1109/MSP.2011.150. [Florencio 2014] Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. 2014. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November. http://research.microsoft.com/apps/pubs/default.aspx?id=227130. [Grassi 2017] Grassi, Paul A, James L Fenton, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, et al. 2017. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST SP 800-63b. Gaithersburg, MD: National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b. [Habib 2017] Habib, Hana, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Cranor. 2017. “Password Creation in the Presence of Blacklists.” In Proceedings 2017 Workshop on Usable Security. San Diego, CA: Internet Society. https://doi.org/10.14722/usec.2017.23043. Apple, Inc. “Face ID Security”, November, 2017. https://www.apple.com/business/site/docs/ FaceID_Security_Guide.pdf. 55

Recommended

Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesBuddhika Karunanayaka
 
Web security
Web securityWeb security
Web securityMuhammad Usman
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 

Recommended

Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesBuddhika Karunanayaka
 
Web security
Web securityWeb security
Web securityMuhammad Usman
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Software security
Software securitySoftware security
Software securityRoman Oliynykov
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud SecurityLegal Services National Technology Assistance Project (LSNTAP)
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 AuthenticationInformation Technology
 
Presentation on Web Attacks
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web AttacksVivek Sinha Anurag
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Web security
Web securityWeb security
Web securitySubhash Basistha
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Authentication
AuthenticationAuthentication
Authenticationprimeteacher32
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hackingVi Tính Hoàng Nam
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password RequirementsJim Fenton
 

More Related Content

What's hot

Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 

What's hot (20)

Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Software security
Software securitySoftware security
Software security
 
Application Security
Application SecurityApplication Security
Application Security
 
Introduction to Cloud Security
Introduction to Cloud SecurityIntroduction to Cloud Security
Introduction to Cloud Security
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
Presentation on Web Attacks
Presentation on Web AttacksPresentation on Web Attacks
Presentation on Web Attacks
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Web security
Web securityWeb security
Web security
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Brute force attack
Brute force attackBrute force attack
Brute force attack
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Authentication
AuthenticationAuthentication
Authentication
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor Authentication
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
SSL
SSLSSL
SSL
 
Spoofing
SpoofingSpoofing
Spoofing
 

Similar to User Authentication: Passwords and Beyond

Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password RequirementsJim Fenton
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructurewebhostingguy
 
Passwords & security
Passwords & securityPasswords & security
Passwords & securityPer Thorsheim
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Iván Sanz de Castro
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental iiSyaiful Ahdan
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.pptUskuMusku1
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsAll Things Open
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Fego Ogwara
 
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth TakingTop 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth TakingPaula Januszkiewicz
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
Enemy at the gates: vulnerability research in embedded appliances
Enemy at the gates: vulnerability research in embedded appliances Enemy at the gates: vulnerability research in embedded appliances
Enemy at the gates: vulnerability research in embedded appliances Chris Hernandez
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxFernandoVizer
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With RailsTony Amoyal
 

Similar to User Authentication: Passwords and Beyond (20)

Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Toward Better Password Requirements
Toward Better Password RequirementsToward Better Password Requirements
Toward Better Password Requirements
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructure
 
Passwords & security
Passwords & securityPasswords & security
Passwords & security
 
Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015Soho routers: swords and shields CyberCamp 2015
Soho routers: swords and shields CyberCamp 2015
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental ii
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 
Windows network
Windows networkWindows network
Windows network
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam Notes
 
Don't Pick the lock
Don't Pick the lockDon't Pick the lock
Don't Pick the lock
 
How to 2FA-enable Open Source Applications
How to 2FA-enable Open Source ApplicationsHow to 2FA-enable Open Source Applications
How to 2FA-enable Open Source Applications
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
 
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth TakingTop 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
Enemy at the gates: vulnerability research in embedded appliances
Enemy at the gates: vulnerability research in embedded appliances Enemy at the gates: vulnerability research in embedded appliances
Enemy at the gates: vulnerability research in embedded appliances
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Defending Against Attacks With Rails
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
 

More from Jim Fenton

REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsJim Fenton
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication OverviewJim Fenton
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More UsableJim Fenton
 
Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered HarmfulJim Fenton
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalJim Fenton
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 NōtifsJim Fenton
 
iBeacons: Security and Privacy?
iBeacons: Security and Privacy?iBeacons: Security and Privacy?
iBeacons: Security and Privacy?Jim Fenton
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage DoorJim Fenton
 
Identity systems
Identity systemsIdentity systems
Identity systemsJim Fenton
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICJim Fenton
 

More from Jim Fenton (12)

Notifs 2018
Notifs 2018Notifs 2018
Notifs 2018
 
REQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS RequirementsREQUIRETLS: Sender Control of TLS Requirements
REQUIRETLS: Sender Control of TLS Requirements
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication Overview
 
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
 
Security Questions Considered Harmful
Security Questions Considered HarmfulSecurity Questions Considered Harmful
Security Questions Considered Harmful
 
LOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest ProposalLOA Alternatives - A Modest Proposal
LOA Alternatives - A Modest Proposal
 
Notifs update
Notifs updateNotifs update
Notifs update
 
IgnitePII2014 Nōtifs
IgnitePII2014 NōtifsIgnitePII2014 Nōtifs
IgnitePII2014 Nōtifs
 
iBeacons: Security and Privacy?
iBeacons: Security and Privacy?iBeacons: Security and Privacy?
iBeacons: Security and Privacy?
 
OneID Garage Door
OneID Garage DoorOneID Garage Door
OneID Garage Door
 
Identity systems
Identity systemsIdentity systems
Identity systems
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTIC
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

User Authentication: Passwords and Beyond

  • 1. User Authentication:
 Passwords and Beyond Jim Fenton @jimfenton 1 Czech Technical University in Prague
 25 March 2019
  • 2. Just a little about me… Consultant (2013-present) Authentication standards: NIST SP 800-63-3 IETF: REQUIRETLS email security proposal CSO at OneID (2011-2013) Authentication startup Distinguished Engineer at Cisco (-2011) Various things including DKIM email signatures 2
  • 3. Disclaimer I’m a consultant for the US National Institute of Standards and Technology Worked on the SP 800-63-3 update Currently working on errata, guidance for US agencies Everything here is my own (hopefully informed) opinion I don’t speak for NIST! Please contact NIST if you need an official answer 3
  • 4. Guiding principles Emphasize user experience People cheat when things are not user-friendly Have realistic security expectations Many things need 2-factor authentication Burden the verifier rather than user wherever possible Don’t ask the user to do things that don’t significantly improve security Remember that the goal is to help real users authenticate, not just stop bad actors 4 “Guiding Principles” by Ford-Foundation is licensed under CC BY-ND 2.0
  • 5. Who are the Users? Everybody: Non-English speakers Homeless people Disabled veterans Hospital patients Physicians Elderly Students Usability needs to consider all of these 5 Photo by Rob Curran on Unsplash
  • 6. What’s a password? 6 Passphrase Something you know PIN Memorized Secret “Exercise Plays Vital Role Maintaining Brain Health” by A Health Blog is licensed under CC BY-SA 2.0 Passcode
  • 7. Attacks Online Various types of guessing Offline Attacks on the verifier Side channel Shoulder surfing and more sophisticated attacks Both targeted (e.g., spearphishing) and bulk: very different goals 7 “Under attack!” by Noel Reynolds is licensed under CC BY 2.0
  • 8. Online attacks Guessing the password Brute force attacks Password stuffing (passwords this user uses elsewhere) Common defenses Throttling (more on this later) Password reuse avoidance (education primarily) Prohibition of very common passwords 8 “On the Air” by Thomas Hawk is licensed under CC BY-NC 2.0
  • 9. Offline attacks Reversing password hashes (cracking) More efficient with time: Moore’s Law Benefits from cryptocurrency mining technology, GPUs, etc. Defenses Time- and memory-hard hash algorithms Supplemental keyed hashing Protecting hashes better! Generally harder to defend against than online 9
  • 10. Side channels Obtaining the password through leakage Shoulder surfing Key loggers and other malware Acoustic, key wear, and similar analysis Electromagnetic (TEMPEST), timing, and power drain analysis 10 “shoulder surfing” by Anne Petersen is licensed under CC BY-NC-ND 2.0
  • 11. Password length Increasing length is the most reliable way of strengthening a password So just require very long passwords? No. Have a rationale for length requirements Don’t drive users to Post-It® notes 11
  • 12. What are you defending against? ~8 character passwords are effective against online attacks (with reasonable throttling) But it takes more than twice as many characters to provide similar protection against offline attacks 12 Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November 2014.
 http://research.microsoft.com/apps/pubs/default.aspx?id=227130.
  • 13. Maximum length Don’t limit users’ ability to use long (secure!)
 passwords! Suggest accepting 64 characters or more Rationale: Give users maximum flexibility to choose a memorable pass phrase 64 characters fit on many screens “measuring tape” by areta ekarafi is licensed under CC BY-NC-ND 2.0 13
  • 14. Space characters Spaces are natural to type in passphrases:
 Allow them! Consider normalizing multiple consecutive spaces to one UI concern: inadvertent typing multiple spaces is hard to see Space characters themselves don’t add much entropy (This is controversial) “the burning of the midnight oil” by Robert S. Donovan is licensed under CC BY-NC 2.0 14
  • 15. Character set Give users maximum flexibility to choose
 passwords in their native language Accept all printable ASCII characters Accept Unicode, including emojis (1 “character”/code point) 😺 Rationale: Site-specific constraints on special characters have been a UX nightmare Verifier needs to hash the entry anyway, so SQL injection shouldn’t be a concern “Lead Type (melting in the oven of your mind)” by jm3 on Flickr is licensed under CC BY-SA 2.0 15
  • 16. Hints and prompts tl;dr: Don’t do it! Hints (user-chosen) Users sometimes choose hints like “Password is qwertyui” Need to be stored in the clear or reversibly encrypted to be displayable to the user Prompts (site-chosen) Typically take the form of “security questions” Answers often shared between different services (e.g., first pet) 16 “whisper” by ElizaC3 is licensed under CC BY 2.0
  • 17. Composition rules Rules specifying what character classes
 must be in passwords Avoid using them: UX nightmare Don’t provide as much value as originally thought May not be applicable in other languages Use a blocklist dictionary instead 17 “Are you freaking INSANE????” by Paige Saez is licensed under CC BY-NC 2.0
  • 18. Dictionaries: questions How big should the dictionary be? Too small: ineffective Too big: bad user experience (like composition rules, but less transparent) Will users act predictibly when asked to pick a different password? Users might just append something like 1 or ! If so, the dictionary is a great resource for offline cracking 18 “Dictionary” by Caleb Roenigk is licensed under CC BY 2.0
  • 19. What if someone picks a bad password? If a user picks a password that’s in the dictionary, this is a teaching opportunity 😀 CMU has done some research on this [Habib 2017] Password strength meter might help user pick something stronger 19
  • 20. Dictionaries: takeaways It’s pretty simple to build a reasonable dictionary Dictionary with size of ~100,000 entries is probably good - but need to test But watch out for that second password pick BadPassword -> BadPassword1 ??? 😰 20
  • 21. Displaying passwords Much of the time, users aren’t subject to
 shoulder-surfing attacks Consider offering option to display the password rather than dots or asterisks But rehide after some period of time Displaying the password when not likely to be observed helps typing accuracy, and therefore improves user experience 21
  • 22. Password expiration Don’t require users to change passwords arbitrarily
 (e.g., periodically) If users know their password will be only temporary: They won’t invest the effort in choosing and learning a complex one They’ll pick something similar to the old password But do require change if there is evidence of compromise Have a way to do this, if/when needed. 22 “parking_meter.JPG” by Paul Vladuchick is licensed under CC BY-NC-ND 2.0
  • 24. Hashing Goal: Make it hard for someone who compromises the verifier to learn the password(s) Simplistic approach: Store sha256(password) But: Attacker could try lots of passwords and see what matches But also: Attacker can easily see if two users have same password 24
  • 25. Salting Addresses uniqueness of hash for a given password At password establishment, choose a random value (“salt”) Store salt, sha256(password || salt) Foils look-up tables (or makes them very big), duplicate searches But: it’s still really fast. Attacker can just guess 25
  • 26. Iterated hashing Goal: make guessing more expensive for the attacker Store salt, iteration count “n”, pbkdf2(password || salt, n). But: pbkdf2 runs well in graphics processors, doesn’t require much memory Benefits from technology developed for cryptocurrency mining Example: pbkdf2_sha256$30000$Da4AnjGEyPCK$WjRjDzeJTaFzLzDWXV0av0Z5jE7o8mDFEfP9cPvQ9 BQ= Algorithm $ Iteration count $ salt (base64) $ hash (base64) 26
  • 27. Time and memory hardening Good algorithms for password hashing are: Slow - requires processor resources (“time hard”) Memory consumptive - requires memory resources (“memory hard”) Attackers have access to great CPU resources, specialized hardware Popular algorithm: bcrypt 27
  • 28. Keyed hashing Supplemental hash with key stored separately Generally best to do hashing in separate processor Could be a hardware device (HSM) for best security If key doesn’t leak, hash can’t be cracked! Simple example: GitHub jimfenton/rehash 28
  • 29. Case study: Adobe® Reported October, 2013 130,325,129 records containing: Email address Encrypted password (not salted) Password hint (not encrypted) 56,044,956 distinct encrypted passwords (many duplicates) 29
  • 30. Adobe Problems: Passwords used by multiple people have the same stored value Correlation of hints is possible — this is actually a fun game! Email address facilitates credential stuffing on other services Successes: Encryption key apparently not breached (but who can be sure?) Cracking of hashes not possible because of key 30
  • 31. The Adobe game 31 0agIJWqXa2Y= (697 records, 276 hints, 152 distinct hints) chugalug same beverage kitty drink uncle drunk - chien Glenlivet drunk booze whiskey horse tape sweet andrews son p male cat liqour What's my dog's name? cat whos ur dawg bunny Border Collie your favourite liquor doggy dog tapes reuse mu dog normal sticky & plaid black label favorite drink geknipst my dog puppy! alcohol aged 25 years whisky school attaccare friendf ehhhhhhhh dimple dogs scortcher pets name ura Irish Setter First Dog fave horse golden normal one carpetCleaner favorite liquor john's password mon chien hi priced liquor gina minou tape? my dogs name what i drink usual its the same ol brand boycatname same as always lijm Better than Cats plakband Dog On Habbo on the rocks college bant Dewers Name of Dog drink and tape Fav. Disney 1 ????????? Cutts nickname for me scotland tacataca ZK a good drink favourite cat publish cat name scotc sc SVR cats first name little one montreal ???? drotch liquor cat's name yellow snake me short Dog's name? mom's dog lenrelax partner puppy FPIS Favorite favorite drink haha loly land down in my belly highland vid tape mfr woof first horse estimac?o c?o speyside malt Pet cats name regular dizzle gatto libation w/o number johnny walker persian alex name of school in Hawthorn Tony & Lou Drink new dog buro favourite drink college australia pyranees zelda pet's name first first single malt yummy beverage nom du chien nationality the usual Favorite Dog DTH favorite beverage favorite team log in pass trunek albert minus wendy Hund Same drink cinta magica Horse name Omi
  • 32. Adobe — Lessons Lack of salt causes one breached password to impact perhaps hundreds of accounts Password hints are evil Often easier to protect one key stored separately than a large database 32
  • 33. “Security” questions Also known as Knowledge-Based Authentication (KBA) Aren’t these just passwords with hints? Something you know, so KBA+password isn’t 2-factor Low entropy, likely to be reused on multiple sites Can’t be hashed if fuzzy matching is needed 33 “Pip” by Helen Haden is licensed under CC BY-NC 2.0 First pet?
  • 34. Case study: Ashley Madison Data breach, July 2015 Included cleartext answers to KBA questions Limited choice of questions, e.g., “What high school did you attend?" Popular answer, Central High School, was represented in many ways:
 central hi, Central HS, Central, etc. 34
  • 35. Beyond Passwords:
 2 Factor Authentication 35
  • 36. Look-up secrets Take many forms, often wallet cards or sheets of “recovery secrets” What you have is the piece of paper, card, etc. Advantage: inexpensive, easy to use for very occasional authentications Disadvantage: Limited number of authentications possible 36
  • 37. Out-of-band authenticators Out-of-band communication to confirm possession and control of “something you have” Can work in different ways: Authentication secret sent through separate channel to user, entered on primary channel Authentication secret sent on primary channel, sent by user on secondary User compares secrets on primary and secondary channels, confirms on secondary Requirements Uniquely addressable, separate from primary authentication channel Use good crypto (secondary channel isn’t necessarily TLS) Authenticate the OOB device securely 37
  • 38. SMS as OOB authenticator Plaintext SMS is very popular for OOB authentication, but isn’t very good Better than single-factor, but worse than most second factors Easy for attackers to get a target’s phone number reassigned to a device they control Need to accommodate users who change their phone numbers or phones Also: SS7 attacks, forwarding, smartphone malware Make sure the SMS doesn’t go to a VoIP number — wouldn’t establish possession of something Encrypted SMS (using secret stored in SIM) is OK Applies to PSTN voice as well 38
  • 39. OTP devices and apps Two types: time-based and usage-based At least 6 decimal digits of output (~20 bits entropy) Use throttling to foil guessing attacks Disadvantage: Verifier has to store the user’s RNG seed, this could be compromised (RSA Security breach, 2011) 39
  • 40. Cryptographic devices and software Take many forms: Smart cards USB devices NFC or other wireless connected devices Client certificate (software) Always directly connected to endpoint 40
  • 41. Cryptographic authenticators Implement a challenge-response protocol with the verifier Contain a secret, typically an asymmetric private key May implement strong man-in-the-middle resistance, discussed later 41
  • 42. Biometrics Not nearly as good as they’re often portrayed Zero-effort attacks: typically 1 in 1000 to 1 in 10,000 false accept rate False reject rate too, especially under adverse conditions They don’t work under all conditions Fingerprint with dirty or wet hands You leave biometrics everywhere Hard to revoke 42 “Wine at Sunset” by David McLeish is licensed under CC BY-SA 2.0
  • 43. Biometric modalities Physical Fingerprint Iris pattern, retina Face geometry Voice 43 Behavioral Typing cadence Walking gait For authentication, performance is the primary consideration
  • 44. Biometrics and measurement noise There is always measurement noise (dust, etc.) Threshold represents tradeoff between false match and false no-match Want low false match rate, but don’t want frustrated users Effort by impostor can move red graph to right, increasing P(FM) 44 Threshold P(false match)P(false no-match) Match quality Probabilitydensity Correct userIncorrect user
  • 45. Using biometrics effectively Bind biometrics tightly to a specific authenticated device Therefore always part of a multifactor authenticator Mitigates revocation problem (revoke the associated device) Impose a hard limit (10) consecutive failed attempts Looser limit is OK if Presentation Attack Detection (PAD) used Have a backup activation factor, e.g., memorized secret This addresses attempt lockout, poor conditions 45
  • 47. Throttling Primary defense mechanism for online attacks Example: Limit failed authentication attempts to 100 in 30-day period per account Consider using CAPTCHAs, delays, or IP whitelists when approaching the limit Consider use of risk-based or adaptive techniques for throttling Don’t over-throttle: can result in denial of service for legitimate user 47 “Revs Per Minute” by Michael Gil is licensed under CC BY 2.0
  • 48. Verifier impersonation resistance AKA “Phishing Resistance”, “Strong MITM Resistance” Goal: make it impossible for a man-in-the-middle to authenticate their own session Do not depend on the user to detect fraud Establishes a binding between the authentication and the TLS session it uses All VIR authenticators are cryptographic, but
 not all cryptographic authenticators are VIR Examples: client-authenticated TLS, FIDO 48
  • 49. Attestation If a user supplies their own authenticator, how do you know how strong it is? Attestation certificates describe the authenticator Avoid identifying a specific authenticator, if possible (privacy issue) Particularly important when user can access/manipulate information other than their own 49
  • 50. Verifier compromise resistance Extent to which a compromise of the verifier gives the attacker the ability to authenticate Generally determined by the authenticator type Public keys (most cryptographic authenticators) are considered VCR Symmetric keys (OTP verification) not VCR Passwords may or may not be, depending on how stored 50
  • 51. Replay resistance Extent to which authentication is immune to recording/replay attacks Resistant: Challenge/response protocols (with nonces), e.g. crypto authenticators OTP devices, look-up secrets Passwords are not replay resistant 51
  • 52. Authentication intent Goal: block access to directly-connected authenticators by malware Approaches: Hardware button (e.g., FIDO) Re-entry of PIN Reconnection of authenticator for each authentication 52
  • 53. Two-factor authenticator or two authenticators? 53 Two-factor authenticator Two authenticators Fewer authenticators to manage Easier to determine strength of BYO authenticators Less centralized storage of activation secret Easier to throttle activation secret guesses
 (at verifier)
  • 55. Bibliography [Herley 2012] Herley, C., and P. Van Oorschot. 2012. “A Research Agenda Acknowledging the Persistence of Passwords.” IEEE Security & Privacy Magazine 10 (1): 28–36. https://doi.org/10.1109/MSP.2011.150. [Florencio 2014] Florêncio, Dinei, Cormac Herley, and Paul C. van Oorschot. 2014. “An Administrator’s Guide to Internet Password Research.” Usenix LISA, November. http://research.microsoft.com/apps/pubs/default.aspx?id=227130. [Grassi 2017] Grassi, Paul A, James L Fenton, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, et al. 2017. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST SP 800-63b. Gaithersburg, MD: National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63b. [Habib 2017] Habib, Hana, Jessica Colnago, William Melicher, Blase Ur, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Cranor. 2017. “Password Creation in the Presence of Blacklists.” In Proceedings 2017 Workshop on Usable Security. San Diego, CA: Internet Society. https://doi.org/10.14722/usec.2017.23043. Apple, Inc. “Face ID Security”, November, 2017. https://www.apple.com/business/site/docs/ FaceID_Security_Guide.pdf. 55