<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style>
<table class="backgroundTable" width="100%" bgcolor="#ffffff"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top" align="left">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.01060303.07000402@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
valign="top"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #322: Giving
passwords a pass</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">February 20th, 2013</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
alt="key ring"
src="cid:part4.07010900.06040209@oplin.org"
height="100" width="105" align="left">How many
passwords do you have? How many do you have
trouble remembering? How many of your co-workers
tape their passwords on the underside of their
keyboard? Isn't there a better way to handle user
authentication? Last week, we looked at "social
login" authentication, one alternative to
passwords that is popular for its ease of use, but
may not be particularly secure. But social login
is only one entry in the effort to replace
passwords. Regardless of how it gets done, it
seems that the end of the password may be coming
soon.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.deloitte.com/view/en_GX/global/industries/technology-media-telecommunications/tmt-predictions-2013/tmt-predictions-2013-technology/9eb6f4efcbccb310VgnVCM1000003256f70aRCRD.htm">P@$$1234:
the end of strong password-only security</a>
(Deloitte TMT Predictions 2013) "However, a
number of factors, related to human behavior and
changes in technology, have combined to render
the 'strong' password vulnerable. First, humans
struggle to remember more than seven numbers in
our short-term memory. Over a longer time span,
the average person can remember only five.
Adding letters, cases, and odd symbols to the
mix makes remembering multiple characters even
more challenging. As a result, people use a
variety of tricks to make recalling passwords
easier. For example, users often create
passwords that reference words and names in our
language and experience. Users typically put the
upper case symbol at the beginning of the
password and place the numbers at the end of the
password, repeating the numbers or putting them
in ascending order. Although a keyboard has 32
different symbols, humans generally only use
half-a-dozen in passwords because they have
trouble distinguishing between many of them.
These tricks and tendencies combine to make
passwords less random, and therefore weaker."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.wired.com/wiredenterprise/2013/01/google-password/all/">Google
declares war on the password</a> (Wired/Robert
McMillan) "Passwords are a cheap and easy way to
authenticate web surfers, but they're not secure
enough for today's internet, and <a
href="http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/">they
never will be</a>. Google agrees. 'Along with
many in the industry, we feel passwords and
simple bearer tokens such as cookies are no
longer sufficient to keep users safe,' Grosse
and Upadhyay write in their paper. Thus, they're
experimenting with new ways to replace the
password, including a tiny <a
href="http://www.yubico.com/">Yubico</a>
cryptographic card that - when slid into a USB
(Universal Serial Bus) reader - can
automatically log a web surfer into Google."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://threatpost.com/en_us/blogs/darpa-fido-alliance-join-race-replace-passwords-021213">DARPA,
FIDO Alliance join race to replace passwords</a>
(Threatpost/Brian Donohue) "For years, industry
thinkers have somewhat vaguely referenced the
need for Internet fingerprints capable of
reliably verifing identities online. Yet here we
are, it's 2013 and passwords remain the primary
means of authenticating users onto networks and
workstations. Two groups today announced
projects bent on taking passwords to the curb.
The first is an industry group calling itself
the FIDO (Fast IDentity Online) Alliance. ...
The second is the Defense Advanced Research
Project Agency (DARPA), a research and
development arm of the Defense Department."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.securityweek.com/paypal-lenovo-alliance-launches-new-system-fix-password-problem">Internet
giants launch new system to fix the password
problem</a> (SecurityWeek/Fahmida Y. Rashid)
"Under the FIDO specification, businesses would
be able to authenticate and authorize users
using existing hardware devices, such as
smartphones and tablets, fingerprint readers,
microphones, cameras, TPM chips, near-field
communications, and one-time password tokens.
Instead of traditional username and password
combinations, the device the user happens to be
holding would play a more central role in
authentication, according to the FIDO Alliance.
This would make it much more difficult for
attackers to steal login credentials and
compromise user accounts, Barrett said."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Overused
fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">Last year,
the Trustwave security services firm found that
the most commonly used password on business
systems - and thus the least secure - was <em>Password1</em>.
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >="" valign="top" width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"><span
style="font-size: 10px; color: rgb(96, 96, 96);
line-height: 100%; font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);" valign="top"
width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg">
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
</body>
</html>