Password cracking: proving your login insecure (or not)

Password cracking: proving your login insecure (or not) by N. Gobbo, S. Aruch, D. Vitali {n.gobbo, s.aruch, d.vitali}@reply.it “

Please, enter your username and password.” In our digital life we read this request many times a day, for example while accessing our e-mail portal, the bank account, facebook and any other web-service that, in order to deliver the tailored experience we are used to, needs to know the answer to a simple question: “who are you?”

The process of proving who you are to another entity that knows you only “partially” or, maybe, cannot meet you in person, is called authentication: this problem came up quite often in history and still poses a challenging task nowadays. If we get back in time, for example, we may have found a sentry asking the secret sentence before letting the stranger in front of him cross the bridge. Moving forth in time, we may have intercepted some treasure chests secured by a couple of padlocks or a letter sealed by a peculiar-shaped red-wax insignia. More recently, instead, you may have been asked to put your face into a wall hole in order to have your face analyzed before entering the bank vault.

Each of the examples presented shows one of the three authentication factors that has been identified in literature. You may prove your identity using:

Figure 1. Examples of the three authentication factors: Google login prompt filled with credentials, an OTP key from RSA and a human fingerprint 

Continue reading “Password cracking: proving your login insecure (or not)” →