Mnemonic Password Formulas
The information technology landscape is cluttered with large numbers of
information systems, many of which have their own individual
authentication systems. Even with single-sign-on and multi-system
authentication mechanisms, systems within disparate authentication
domains are likely to be accessed by users of various levels of
involvement with the landscape as a whole. Due to this inherent
complexity and abundance of varying authentication requirements, users
must manage volumes of password credentials for all of the systems that
they interface with regularly. This has given rise to many different
insecurities resulting from poor methods of password selection and
management. This paper describes some security issues facing users and
management of authentication systems that involve passwords, further
discusses current approaches to mitigating those issues, and then
finally introduces a new method for password recall and management
termed Mnemonic Password Formulas.
About the Speaker
I)ruid, C²ISSP
Founder of the Computer Academic Underground, co-founder of the Austin
Hackers Association (AHA!), and currently employed in VoIP Security
Research by TippingPoint, a division of 3Com, I)ruid has over a decade of
experience in various areas of information security including
vulnerability assessment and penetration testing, secure network
architecture, and vulnerability research and development, including
research in specific areas related to the security of network protocols,
network applications, and Voice over IP (VoIP).
Over the years I)ruid has been involved with many security community
projects such as design and development of SPF for e-mail (RFC 4408) and
contributing as a data mangler for the OSVDB. I)ruid has also released
numerous tools to the community such as the infamous PageIt! mass-paging
tool and the hcraft HTTP exploit-crafting framework. He regularly
releases vulnerability and exploit advisories, speaks at
security-related events and conferences, is on the Technical Advisory Board of
the Voice over IP Security Alliance (VoIPSA), is an active participant
in various VoIPSA projects, and is a regular contributor to the Voice of
VoIPSA blog.