Electronic authentication guideline

Burr, William E.; Dodson, Donna F.; Polk, William T.

doi:10.6028/nist.sp.800-63v1.0.2

Cited by 95 publications

(76 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To place this time in context, we compare it to Forget et al [9], who reported login times for 8-character text passwords as well as Persuasive Text Passwords (PTPs). 2 In the PTP variant that provided the optimal combination of security and usability, the login time was 17.1 sec. ; in this variant, users must memorize two extra characters in addition to their password.…”

Section: Interpretation Of Resultsmentioning

confidence: 99%

“…For a rough comparison, by NIST's historical password entropyestimation heuristics [2], assuming a 94-character alphabet (common printable characters excluding space), a 12-character user-chosen text password has about 24 bits of entropy: 4 bits for the first character, 2 each for the next 7, and 1.5 each for the last 4. If policy requires both uppercase and special characters, this rises to 30 bits; cf.…”

Section: Entropy Of Obpwd Password (Default Settings)mentioning

confidence: 99%

See 1 more Smart Citation

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects

Biddle

Mannan

Oorschot

et al. 2011

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-Despite all efforts, password schemes intended to deploy or encourage the use of strong passwords have largely failed. As an alternative to enable users to create, maintain and use high quality passwords willingly, we propose Object-based Password (ObPwd), leveraging the universe of personal or personally meaningful digital content that many users now own or have access to. ObPwd converts user-selected digital objects to high-entropy text passwords. Memorization of exact passwords is replaced by remembering password objects. We present the design details, variants, and usability and security analysis of ObPwd; and report on the results of a hybrid in-lab/at-home user study on 32 participants. The results suggest the scheme has good usability, with excellent memorability, acceptable login times, and very positive user perception, achieved while providing strong security for the threat context explored. We believe this work lays the foundations for a promising password selection paradigm.

show abstract

Section: Interpretation Of Resultsmentioning

confidence: 99%

Section: Entropy Of Obpwd Password (Default Settings)mentioning

confidence: 99%

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects

Biddle

Mannan

Oorschot

et al. 2011

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…In NIST standard [4], we see four axis for evaluating authentications. In this paper, we borrow related two axes of evaluation: levels of initial identification (more generally, ID lifecycle management in [17,18]), and levels of tokens.…”

Section: Definitionmentioning

confidence: 99%

“…Generally, they are called "level of assurance (LoA)." There are defined some standards of LoAs such as NIST 800-63 [4] for evaluating the levels. In such situations, an SP(service provider) requires an appropriate LoA to an IdP(ID provider) for accessing its information assets.…”

Section: Stratified Paths Depending On Loamentioning

confidence: 99%

See 1 more Smart Citation

Design of Graded Trusts by Using Dynamic Path Validation

Kubo¹,

Satō²

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. In modern information service architectures, security is one of the most critical criteria. Almost every standard on information security is concerned with internal control of an organization, and particularly with authentication. If an RP (relying party) has valuable information assets, and requires a high level to authentication for accepting access to the valuable assets, then a strong mechanism is required. Here, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as a validation of chains of certificates. However, today, this trust model does not function well because of complexity of paths and of requirement of security levels. In this paper, we propose "dynamic path validation," together with another trust model of PKI for controlling this situation. First, we propose Policy Authority. Policy Authority assigns a level of compliance (LoC) to CAs in its domain. LoC is evaluated in terms of a common criteria of Policy Authority. Moreover, it controls the path building with considerations of LoC. Therefore, we can flexibly evaluate levels of CP/CPS's in one server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPS's. In our framework, instead, we can do the same task in a single server, by which we can save the cost of maintaining lists of trust anchors of multiple levels.

show abstract

Remote Authentication

Markowitz¹

2009

Encyclopedia of Biometrics

View full text Add to dashboard Cite

Electronic authentication guideline

Cited by 95 publications

References 0 publications

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects

Design of Graded Trusts by Using Dynamic Path Validation

Remote Authentication

Contact Info

Product

Resources

About