In today's world of increased connectivity, authentication issues are becoming increasingly important. Many user accounts, from banking to water bill accounts, are available online. How do we ensure that identity theft occurrences are reduced, and people can enjoy the benefits of managing multiple accounts online? There are numerous schemes and systems that exist today, but many are difficult to implement, especially for the end users. When analyzing a system from a technical standpoint, one might be able to set the security policies and password encryption strength to the appropriate level in order to protect the information it contains, however, when multiple users utilize this system, and they in turn use other systems with identical passwords, the initial system can become less secure. In addition, phishing attacks are becoming more popular, where users may enter the password they reuse on a hostile site, which could result in compromising multiple systems. This paper examines various authentication methods and mechanisms available today, and determines which is appropriate for various uses. In general, users and administrators are responsible for security, and they should treat their systems with regard to the sensitivity of what they want to protect. Users should always consider the importance of each system they use and choose an authentication method or password scheme to match the system they intend to operate. In addition, administrators should always consider the consequences of implementing different security measures, to include the usability of their system.
name of conference
2007 IEEE SMC Information Assurance and Security Workshop
