Secure authentication with one-time passwords

Whispered Once

© Nikolay Okhitin, Fotolia

© Nikolay Okhitin, Fotolia

Article from Issue 96/2008
Author(s):

A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.

Despite the biometrics boom, passwords are still the most popular means of authentication. In hostile environments, rogue users try to sniff or log password entries. You can foil these attempts by using one-time passwords. A one-time password becomes obsolete after it is used.

Even if an attacker were to sniff the password en route to the authentication server, the password would be useless.For a one-time password to work, the client must have some means for determining what password to use, and the server must know what password to expect.

Techniques

Security experts have developed several techniques for generating one-time passwords. Some methods base a new password on a mathematical manipulation of the previous password – or on a mathematical manipulation of the current time. Another technique known as challenge-response starts with the server sending a random number to the client. The client then calculates a response using a process that is known to both parties.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Smart Access Intro

    Maybe password security isn't perfect, but most networks depend on it. This month we examine some tools for smarter, more versatile authentication.

    more »
  • 2FA

    Protect your system from unwanted visitors with two-factor authentication.

    more »
  • Secure Online Passwords

    Securely storing passwords online can be a complex task. With a few tools, websites can offer better security, but users still need to choose their passwords wisely.

    more »
  • One-Time Passwords on the Web

    Add security to your website with a one-time password system.

    more »
  • OpenKubus

    If you are ready to experiment, an OpenKubus USB stick just might solve your password problems.

    more »
comments powered by Disqus