Oct 28

One-Time Password Security Measures

One-Time Passwords (OTPs) are exactly that: passwords that are used only one time. The passwords are generated in one of two ways, time-synchronized or counter-synchronized, and both methods use the same algorithm to create the password. The good thing about OTPs is that they create strong security. Not only does a person have only 24 hours or less to grab a password, but if they gain access to the password they can use it for only one day. One-time passwords are a defense against a hacker eavesdropping on a network's data to retrieve login information and then reusing it. This is known as a replay attack. The downside to one-time passwords is the complexity. Users cannot remember the passwords, so they typically require a small piece of hardware that can be kept on a key chain, just like a flash drive.
Users not having to remember their passwords can also be a positive thing, though: passwords can no longer be social engineered. Another common security breach that can now be avoided is passwords being written down and stuck onto a monitor or under a keyboard. This common mistake made by employees allows anyone who can access the floor to walk around and collect various passwords. This is a good scenario for using the clipboarding technique. Clipboarding is where an intruder walks around, or even gains access to an area he is not authorized to enter, because he is carrying a clipboard. The clipboard creates the image that the intruder is legitimate and is authorized to be at a specific place, and therefore he is not questioned.
The major problem before one-time passwords was probably that passwords were cached on the machine and/or stored on servers. This enabled anyone who could gain access to the system to pull a password off of it. This was especially worrisome for laptop users because laptops can so easily be stolen, especially if left unattended.
One-time passwords are an amazing idea. Although companies still need to worry about information being social engineered and being stolen through operating system vulnerabilities, passwords being taken because of silly mistakes, such as posting them on a monitor or desk, can now be avoided. OTPs also prevent more advanced attacks, such as a system being hacked and its passwords being decrypted. OTPs are just one more step closer to top-notch security.

Mathew Gajewski

