exploring software and hardware security

articles about secure systems, secure protocols, tamperproofing, obfuscation, authentication, attack vectors…

One-Time Passwords

Posted by davitb on 2nd October 2009

I decided to continue the series of “user authentication” related articles (which I started with the article Conventional Website Authentication Model and its Weaknesses) and bring more details about one-time passwords.

In this article I will give an overview of the following topics:

  • Basic ideas behind OTP
  • OTP Types
  • Vulnerabilities
  • Standards and Applications

To make the illustration of OTP more practical, we will implement a web server with authentication from scratch and try to integrate an OTP scheme into it.

Posted in authentication

Conventional website authentication model, its weaknesses and alternatives

Posted by davitb on 27th September 2009

This article discusses the problems with the authentication schemes that websites and browsers use when a user logs in to a website.

The following topics will be covered:

  • Conventional user and website authentication model
  • Weak points of password based authentication
  • Weak points of website authentication
  • Alternative ways for user authentication in websites

Note that by the term “conventional” we mean the most widely used authentication scheme: username/password.

Posted in authentication, browser security

 
