Bitfrost is the security design specification for the OLPC XO , a low cost laptop intended for children in developing countries and developed by the One Laptop Per Child (OLPC) project. Bitfrost's main architect is Ivan Krstić . The first public specification was made available in February 2007.
86-434: No passwords are required to access or use the computer. Every program, when first installed, requests certain bundles of rights, for instance "accessing the camera", or "accessing the internet". The system keeps track of these rights, and the program is later executed in an environment which makes only the requested resources available. The implementation is not specified by Bitfrost, but dynamic creation of security contexts
172-725: A PIN code or PIN number ) is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system. The PIN has been the key to facilitating the private data exchange between different data-processing centers in computer networks for financial institutions, governments, and enterprises. PINs may be used to authenticate banking systems with cardholders, governments with citizens, enterprises with employees, and computers with users, among other uses. In common usage, PINs are used in ATM or POS transactions, secure access control (e.g. computer access, door access, car access), internet transactions, or to log into
258-410: A cryptographic hash of the password. If an attacker gets access to the file of hashed passwords guessing can be done offline, rapidly testing candidate passwords against the true password's hash value. In the example of a web-server, an online attacker can guess only at the rate at which the server will respond, while an off-line attacker (who gains access to the file) can guess at a rate limited only by
344-547: A hardware security module (HSM). One of the earliest ATM models was the IBM 3624 , which used the IBM method to generate what is termed a natural PIN . The natural PIN is generated by encrypting the primary account number (PAN), using an encryption key generated specifically for the purpose. This key is sometimes referred to as the PIN generation key (PGK). This PIN is directly related to
430-488: A passcode , is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized , but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret
516-399: A polynomial , modulus , or an advanced hash function . Roger Needham invented the now-common approach of storing only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database,
602-602: A 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks . In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems , mobile phones , cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail , accessing applications, databases, networks, web sites, and even reading
688-557: A 25% probability with fifteen numbers to more than 30% (not counting 7-digits with all those phone numbers). In fact, about half of all 9-digit PINs can be reduced to two dozen possibilities, largely because more than 35% of all people use the all too tempting 123456789. As for the remaining 64%, there's a good chance they're using their Social Security Number , which makes them vulnerable. (Social Security Numbers contain their own well-known patterns.) In 2002, two PhD students at Cambridge University , Piotr Zieliński and Mike Bond, discovered
774-550: A LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy." In the early 1970s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as crypt(3) , used
860-547: A PIN for security. James Goodfellow , the inventor who patented the first personal identification number, was awarded an OBE in the 2006 Queen's Birthday Honours . Mohamed M. Atalla invented the first PIN-based hardware security module (HSM), dubbed the "Atalla Box," a security system that encrypted PIN and ATM messages and protected offline devices with an un-guessable PIN-generating key. In 1972, Atalla filed U.S. patent 3,938,091 for his PIN verification system, which included an encoded card reader and described
946-400: A challenge because of the sheer number of passwords users of computers and the internet are expected to maintain. One survey concluded that the average user has around 100 passwords. To manage the proliferation of passwords, some users employ the same password for multiple accounts, a dangerous practice since a data breach in one account could compromise the rest. Less risky alternatives include
SECTION 10
#17327930518961032-400: A consistent theme to keep their passwords memorable. Because of these issues, there is some debate as to whether password aging is effective. Changing a password will not prevent abuse in most cases, since the abuse would often be immediately noticeable. However, if someone may have had access to the password through some means, such as sharing a computer or breaching a different site, changing
1118-484: A few important accounts, such as bank accounts. Similar arguments were made by Forbes in not change passwords as often as many "experts" advise, due to the same limitations in human memory. Historically, many security experts asked people to memorize their passwords: "Never write down a password". More recently, many security experts such as Bruce Schneier recommend that people use passwords that are too complicated to memorize, write them down on paper, and keep them in
1204-550: A larger construction such as in PBKDF2 . The stored data—sometimes called the "password verifier" or the "password hash"—is often stored in Modular Crypt Format or RFC 2307 hash format, sometimes in the /etc/passwd file or the /etc/shadow file. The main storage methods for passwords are plain text, hashed, hashed and salted, and reversibly encrypted. If an attacker gains access to the password file, then if it
1290-667: A match, they know that their guess is the actual password for the associated user. Password cracking tools can operate by brute force (i.e. trying every possible combination of characters) or by hashing every word from a list; large lists of possible passwords in many languages are widely available on the Internet. The existence of password cracking tools allows attackers to easily recover poorly chosen passwords. In particular, attackers can quickly recover passwords that are short, dictionary words, simple variations on dictionary words, or that use easily guessable patterns. A modified version of
1376-457: A password and a counterpassword; for example in the opening days of the Battle of Normandy , paratroopers of the U.S. 101st Airborne Division used a password— flash —which was presented as a challenge, and answered with the correct response— thunder . The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of
1462-483: A password follow. The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts, also known as throttling. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords if they have been well chosen and are not easily guessed. Many systems store
1548-411: A password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply. Passwords have been used with computers since the earliest days of computing. The Compatible Time-Sharing System (CTSS), an operating system introduced at MIT in 1961, was the first computer system to implement password login. CTSS had
1634-491: A precautionary measure. If a new password is passed to the system in unencrypted form, security can be lost (e.g., via wiretapping ) before the new password can even be installed in the password database and if the new password is given to a compromised employee, little is gained. Some websites include the user-selected password in an unencrypted confirmation e-mail message, with the obvious increased vulnerability. Identity management systems are increasingly used to automate
1720-513: A restricted website. The PIN originated with the introduction of the automated teller machine (ATM) in 1967, as an efficient way for banks to dispense cash to their customers. The first ATM system was that of Barclays in London, in 1967; it accepted cheques with machine-readable encoding, rather than cards, and matched the PIN to the cheque. 1972, Lloyds Bank issued the first bank card to feature an information-encoding magnetic strip, using
1806-466: A risk of alienating users, possibly decreasing security as a result. It is common practice amongst computer users to reuse the same password on multiple sites. This presents a substantial security risk, because an attacker needs to only compromise a single site in order to gain access to other sites the victim uses. This problem is exacerbated by also reusing usernames , and by websites requiring email logins, as it makes it easier for an attacker to track
SECTION 20
#17327930518961892-533: A secure PIN system. In recognition of his work on the PIN system of information security management , Atalla has been referred to as the "Father of the PIN". The success of the "Atalla Box" led to the wide adoption of PIN-based hardware security modules. Its PIN verification process was similar to the later IBM 3624 . By 1998 an estimated 70% of all ATM transactions in the United States were routed through specialized Atalla hardware modules, and by 2003
1978-505: A security flaw in the PIN generation system of the IBM 3624 , which was duplicated in most later hardware. Known as the decimalization table attack , the flaw would allow someone who has access to a bank's computer system to determine the PIN for an ATM card in an average of 15 guesses. Rumours have been in e-mail and Internet circulation claiming that in the event of entering a PIN into an ATM backwards, law enforcement will be instantly alerted as well as money being ordinarily issued as if
2064-421: A single dictionary word is not. Having a personally designed algorithm for generating obscure passwords is another good method. However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if
2150-579: A single user across multiple sites. Password reuse can be avoided or minimized by using mnemonic techniques , writing passwords down on paper , or using a password manager . It has been argued by Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, that password reuse is inevitable, and that users should reuse passwords for low-security websites (which contain little personal data and no financial information, for example) and instead focus their efforts on remembering long, complex passwords for
2236-469: A system that utilized encryption techniques to assure telephone link security while entering personal ID information that was transmitted to a remote location for verification. He founded Atalla Corporation (now Utimaco Atalla ) in 1972, and commercially launched the "Atalla Box" in 1973. The product was released as the Identikey. It was a card reader and customer identification system , providing
2322-402: A terminal with plastic card and PIN capabilities. The system was designed to let banks and thrift institutions switch to a plastic card environment from a passbook program. The Identikey system consisted of a card reader console, two customer PIN pads , intelligent controller and built-in electronic interface package. The device consisted of two keypads , one for the customer and one for
2408-442: A wallet. Password manager software can also store passwords relatively safely, in an encrypted file sealed with a single master password. To facilitate estate administration, it is helpful for people to provide a mechanism for their passwords to be communicated to the persons who will administer their affairs in the event of their death. Should a record of accounts and passwords be prepared, care must be taken to ensure that
2494-472: Is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often). Such policies usually provoke user protest and foot-dragging at best and hostility at worst. There is often an increase in the number of people who note down the password and leave it where it can easily be found, as well as help desk calls to reset a forgotten password. Users may use simpler passwords or develop variation patterns on
2580-454: Is a wooden tablet with the word inscribed on it – takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next to him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver the tablet to the tribunes before dark. So that if all those issued are returned,
2666-413: Is cracking both necessary and possible. If a cryptographic hash function is well designed, it is computationally infeasible to reverse the function to recover a plaintext password. An attacker can, however, use widely available tools to attempt to guess the passwords. These tools work by hashing possible passwords and comparing the result of each guess to the actual password hashes. If the attacker finds
Bitfrost - Misplaced Pages Continue
2752-427: Is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier . When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol , the verifier is able to infer the claimant's identity. In general, a password is an arbitrary string of characters including letters, digits, or other symbols. If
2838-431: Is made, possibly supplying a code that must be entered in addition to a password. More sophisticated factors include such things as hardware tokens and biometric security. Password rotation is a policy that is commonly implemented with the goal of enhancing computer security . In 2019, Microsoft stated that the practice is "ancient and obsolete". Most organizations specify a password policy that sets requirements for
2924-463: Is only valid for one particular machine. The laptops request a new "lease" from a central network server once a day. These leases come with an expiry time (typically a month), and the laptop stops functioning if all its leases have expired. Leases can also be given out from local school servers or via a portable USB device. Laptops that have been registered as stolen cannot acquire a new lease. The deploying country decides whether this lease system
3010-416: Is possible to store a PIN offset value. The offset is found by subtracting the natural PIN from the customer selected PIN using modulo 10. For example, if the natural PIN is 1234, and the user wishes to have a PIN of 2345, the offset is 1111. The offset can be stored either on the card track data, or in a database at the card issuer. To validate the PIN, the issuing bank calculates the natural PIN as in
3096-637: Is recorded in the SIM card . If such a PIN is entered incorrectly three times, the SIM card is blocked until a personal unblocking code (PUC or PUK), provided by the service operator, is entered. If the PUC is entered incorrectly ten times, the SIM card is permanently blocked, requiring a new SIM card from the mobile carrier service. Note that this should not be confused with software-based passcodes that are often used on smartphones with lock screens : these are not related to
3182-402: Is required. The first implementation was based on vserver , the second and current implementation is based on user IDs and group IDs (/etc/password is edited when an activity is started), and a future implementation might involve SE Linux or some other technology. By default, the system denies certain combinations of rights; for instance, a program would not be granted both the right to access
3268-424: Is sometimes called a passphrase . A passphrase is similar to a password in usage, but the former is generally longer for added security. Passwords have been used since ancient times. Sentries would challenge those wishing to enter an area to supply a password or watchword , and would only allow a person or group to pass if they knew the password. Polybius describes the system for the distribution of watchwords in
3354-612: Is sometimes used to distribute passwords but this is generally an insecure method. Since most email is sent as plaintext , a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as plaintext on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored on there as well, at least for some time, and may be copied to backup , cache or history files on any of these systems. Using client-side encryption will only protect transmission from
3440-450: Is stored as plain text, no cracking is necessary. If it is hashed but not salted then it is vulnerable to rainbow table attacks (which are more efficient than cracking). If it is reversibly encrypted then if the attacker gets the decryption key along with the file no cracking is necessary, while if he fails to get the key cracking is not possible. Thus, of the common storage formats for passwords only when passwords have been salted and hashed
3526-491: Is the Transport Layer Security (TLS, previously called SSL ) feature built into most current Internet browsers . Most browsers alert the user of a TLS/SSL-protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. There are several other techniques in use. There is a conflict between stored hashed-passwords and hash-based challenge–response authentication ;
Bitfrost - Misplaced Pages Continue
3612-601: Is to prevent bystanders from reading the password; however, some argue that this practice may lead to mistakes and stress, encouraging users to choose weak passwords. As an alternative, users should have the option to show or hide passwords as they type them. Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include extortion , rubber hose cryptanalysis , and side channel attack . Some specific password management issues that must be considered when thinking about, choosing, and handling,
3698-643: Is used and sets the lease expiry time. The laptop's built-in camera and microphone are hard-wired to LEDs , so that the user always knows when they are operating. This cannot be switched off by software. Len Sassaman , a computer security researcher at the Catholic University of Leuven in Belgium and his colleague Meredith Patterson at the University of Iowa in Iowa City claim that
3784-502: The DES algorithm was used as the basis for the password hashing algorithm in early Unix systems. The crypt algorithm used a 12-bit salt value so that each user's hash was unique and iterated the DES algorithm 25 times in order to make the hash function slower, both measures intended to frustrate automated guessing attacks. The user's password was used as a key to encrypt a fixed value. More recent Unix or Unix-like systems (e.g., Linux or
3870-460: The Roman military as follows: The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune , and receiving from him the watchword—that
3956-463: The Atalla Box secured 80% of all ATM machines in the world, increasing to 85% as of 2006. Atalla's HSM products protect 250 million card transactions every day as of 2013, and still secure the majority of the world's ATM transactions as of 2014. In the context of a financial transaction, usually both a private "PIN code" and public user identifier are required to authenticate a user to
4042-471: The Bitfrost system has inadvertently become a possible tool for unscrupulous governments or government agencies to definitively trace the source of digital information and communications that originated on the laptops. This is a potentially serious issue as many of the countries which have the laptops have governments with questionable human rights records. Password A password , sometimes called
4128-722: The IBM method. Financial PINs are often four-digit numbers in the range 0000–9999, resulting in 10,000 possible combinations. Switzerland issues six-digit PINs by default. Some systems set up default PINs and most allow the customer to set up a PIN or to change the default one, and on some a change of PIN on first access is mandatory. Customers are usually advised not to set up a PIN-based on their or their spouse's birthdays, on driver license numbers, consecutive or repetitive numbers, or some other schemes. Some financial institutions do not give out or permit PINs where all digits are identical (such as 1111, 2222, ...), consecutive (1234, 2345, ...), numbers that start with one or more zeroes, or
4214-556: The PAN excluding the checksum value, a PIN validation key index (PVKI, chosen from one to six, a PVKI of 0 indicates that the PIN cannot be verified through PVS ) and the required PIN value to make a 64-bit number, the PVKI selects a validation key (PVK, of 128 bits) to encrypt this number. From this encrypted value, the PVV is found. To validate the PIN, the issuing bank calculates a PVV value from
4300-399: The PIN had been entered correctly. The intention of this scheme would be to protect victims of muggings; however, despite the system being proposed for use in some US states, there are no ATMs currently in existence that employ this software. A mobile phone may be PIN protected. If enabled, the PIN (also called a passcode) for GSM mobile phones can be between four and eight digits and
4386-413: The above method, then adds the offset and compares this value to the entered PIN. The VISA method is used by many card schemes and is not VISA-specific. The VISA method generates a PIN verification value (PVV). Similar to the offset value, it can be stored on the card's track data, or in a database at the card issuer. This is called the reference PVV. The VISA method takes the rightmost eleven digits of
SECTION 50
#17327930518964472-431: The attacker. Some systems, such as PGP and Wi-Fi WPA , apply a computation-intensive hash to the password to slow such attacks, in a technique known as key stretching . An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and
4558-436: The authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried as packeted data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection. Email
4644-441: The camera and to access the internet. Anybody can write and distribute programs that request allowable right combinations. Programs that require normally unapproved right combinations need a cryptographic signature by some authority. The laptop's user can use the built-in security panel to grant additional rights to any application . The users can modify the laptop's operating system , a special version of Fedora Linux running
4730-522: The card issuer not assign a PIN longer than six digits. The inventor of the ATM, John Shepherd-Barron , had at first envisioned a six-digit numeric code, but his wife could only remember four digits, and that has become the most commonly used length in many places, although banks in Switzerland and many other countries require a six-digit PIN. There are several main methods of validating PINs. The operations discussed below are usually performed within
4816-528: The composition and usage of passwords, typically dictating minimum length, required categories (e.g., upper and lower case, numbers, and special characters), prohibited elements (e.g., use of one's own name, date of birth, address, telephone number). Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords. Personal identification number A personal identification number ( PIN ; sometimes redundantly
4902-418: The conflict and limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the un-hashed password is required to gain access. Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as
4988-412: The effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two or more unrelated words and altering some of the letters to special characters or numbers is another good method, but
5074-469: The entered PIN and PAN and compares this value to the reference PVV. If the reference PVV and the calculated PVV match, the correct PIN was entered. Unlike the IBM method, the VISA method does not derive a PIN. The PVV value is used to confirm the PIN entered at the terminal, was also used to generate the reference PVV. The PIN used to generate a PVV can be randomly generated, user-selected or even derived using
5160-524: The hardware on which the attack is running and the strength of the algorithm used to create the hash. Passwords that are used to generate cryptographic keys (e.g., for disk encryption or Wi-Fi security) can also be subjected to high rate guessing, known as password cracking . Lists of common passwords are widely available and can make password attacks very efficient. Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for
5246-510: The hash is used as a shared secret, an attacker does not need the original password to authenticate remotely; they only need the hash. Rather than transmitting a password, or transmitting the hash of the password, password-authenticated key agreement systems can perform a zero-knowledge password proof , which proves knowledge of the password without exposing it. Moving a step further, augmented systems for password-authenticated key agreement (e.g., AMP , B-SPEKE , PAK-Z , SRP-6 ) avoid both
SECTION 60
#17327930518965332-492: The issuance of replacements for lost passwords, a feature called self-service password reset . The user's identity is verified by asking questions and comparing the answers to ones previously stored (i.e., when the account was opened). Some password reset questions ask for personal information that could be found on social media, such as mother's maiden name. As a result, some security experts recommend either making up one's own questions or giving false answers. "Password aging"
5418-508: The last four digits of the cardholder's social security number or birth date. Many PIN verification systems allow three attempts, thereby giving a card thief a putative 0.03% probability of guessing the correct PIN before the card is blocked. This holds only if all PINs are equally likely and the attacker has no further information available, which has not been the case with some of the many PIN generation and verification algorithms that financial institutions and ATM manufacturers have used in
5504-427: The latter requires a client to prove to a server that they know what the shared secret (i.e., password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On many systems (including Unix -type systems) doing remote authentication, the shared secret usually becomes the hashed form and has the serious limitation of exposing passwords to offline guessing attacks. In addition, when
5590-459: The like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras and keyboard sniffers. Passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any of the available automatic attack schemes. Nowadays, it is a common practice for computer systems to hide passwords as they are typed. The purpose of this measure
5676-421: The mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in clear text. The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. The most widely used
5762-402: The morning newspaper online. The easier a password is for the owner to remember generally means it will be easier for an attacker to guess. However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use
5848-476: The new Sugar graphical user interface and operating on top of Open Firmware . The original system remains available in the background and can be restored. By acquiring a developer key from a central location, a user may even modify the background copy of the system and many aspects of the BIOS . Such a developer key is only given out after a waiting period (so that theft of the machine can be reported in time) and
5934-466: The password limits the window for abuse. Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at
6020-517: The past. Research has been done on commonly used PINs. The result is that without forethought, a sizable portion of users may find their PIN vulnerable. "Armed with only four possibilities, hackers can crack 20% of all PINs. Allow them no more than fifteen numbers, and they can tap the accounts of more than a quarter of card-holders." Breakable PINs can worsen with length, to wit: The problem with guessable PINs surprisingly worsens when customers are forced to use additional digits, moving from about
6106-411: The permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN). Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of a sequence of words or other text separated by spaces
6192-421: The primary account number. To validate the PIN, the issuing bank regenerates the PIN using the above method, and compares this with the entered PIN. Natural PINs cannot be user selectable because they are derived from the PAN. If the card is reissued with a new PAN, a new PIN must be generated. Natural PINs allow banks to issue PIN reminder letters as the PIN can be generated. To allow user-selectable PINs it
6278-399: The records are secure, to prevent theft or fraud. Multi-factor authentication schemes combine passwords (as "knowledge factors") with one or more other means of authentication, to make authentication more secure and less vulnerable to compromised passwords. For example, a simple two-factor login might send a text message, e-mail, automated phone call, or similar alert whenever a login attempt
6364-461: The same password across different accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system. Others argue longer passwords provide more security (e.g., entropy ) than shorter passwords with a wide variety of characters. In The Memorability and Security of Passwords , Jeff Yan et al. examine
6450-420: The same password for accounts on different systems, those will be compromised as well. More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. The most secure do not store passwords at all, but a one-way derivation, such as
6536-401: The same time, and they make removal of a particular user's access more difficult, as for instance on graduation or resignation. Separate logins are also often used for accountability, for example to know who changed a piece of data. Common techniques used to improve the security of computer systems protected by a password include: Some of the more stringent policy enforcement measures can pose
6622-552: The system. Hence, despite the name, a PIN does not personally identify the user. The PIN is not printed or embedded on the card but is manually entered by the cardholder during automated teller machine (ATM) and point of sale (POS) transactions (such as those that comply with EMV ), and in card not present transactions, such as over the Internet or for phone banking. The international standard for financial services PIN management, ISO 9564 -1, allows for PINs from four up to twelve digits, but recommends that for usability reasons
6708-413: The system. In these situations, typically the user is required to provide a non-confidential user identifier or token (the user ID ) and a confidential PIN to gain access to the system. Upon receiving the user ID and PIN, the system looks up the PIN based upon the user ID and compares the looked-up PIN with the received PIN. The user is granted access only when the number entered matches the number stored in
6794-443: The teller. It allowed the customer to type in a secret code, which is transformed by the device, using a microprocessor , into another code for the teller. During a transaction , the customer's account number was read by the card reader . This process replaced manual entry and avoided possible key stroke errors. It allowed users to replace traditional customer verification methods such as signature verification and test questions with
6880-405: The tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits. Passwords in military use evolved to include not just a password, but
6966-473: The use of password managers , single sign-on systems and simply keeping paper lists of less critical passwords. Such practices can reduce the number of passwords that must be memorized, such as the password manager's master password, to a more manageable number. The security of a password-protected system depends on several factors. The overall system must be designed for sound security, with protection against computer viruses , man-in-the-middle attacks and
7052-519: The user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, in many implementations, another value known as a salt . A salt prevents attackers from easily building a list of hash values for common passwords and prevents password cracking efforts from scaling across all users. MD5 and SHA1 are frequently used cryptographic hash functions, but they are not recommended for password hashing unless they are used as part of
7138-408: The user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner. Attackers may conversely use knowledge of this mitigation to implement a denial of service attack against the user by intentionally locking
7224-421: The user out of their own device; this denial of service may open other avenues for the attacker to manipulate the situation to their advantage via social engineering . Some computer systems store user passwords as plaintext , against which to compare user logon attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ
7310-615: The user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions that are well known to attackers. Similarly typing the password one keyboard row higher is a common trick known to attackers. In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media), which includes: Traditional advice to memorize passwords and never write them down has become
7396-422: The various BSD systems) use more secure password hashing algorithms such as PBKDF2 , bcrypt , and scrypt , which have large salts and an adjustable cost or number of iterations. A poorly designed hash function can make attacks feasible even if a strong password is chosen. LM hash is a widely deployed and insecure example. Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to
#895104