How to Adapt one-time passwords to the multi-factor authentication mode

Multi-factor authentication is a term, it is used to describe two or more different authentication modes to improve the security mechanism that avoids, damages, or bypasses the difficulty of the normal Identity Authentication System in other ways. For multi-factor authentication, the key is that each "factor" uses a different type of authentication mechanism, rather than the second type of authentication uses different instances of the same mechanism.

Verification factors used for authentication often fall into one of the following three categories:

◆ Essential user attributes: biometrics is the most common example for this category.

◆ User attributes: specific items such as smart cards, mobile phones, and laptops can all be used as authentication factors of this type.

◆ User requirement attributes: for such authentication factors, the most common example is a password.

Generally, the one-time password system is a user-required authentication factor for the attribute category. However, for malicious Security hackers, it is difficult to crack unusual bones (here there is a punption ). For a typical password authentication system, a prompt box is displayed. You can enter the password you remember to enter the environment. For a one-time password system, different passwords are used each time the identity is authenticated. Each password can only be used once. This is the source of the phrase "one time.

For one-time password system logon, different one-time passwords are used each time. A good system usually uses two different methods to establish a limited generation time to generate a predictable computing password system: in some one-time password systems, the token or software is used for password input in the corresponding system. To prevent other people from predicting the password generation method, the system encrypts the random starting point. This measure is called the salt effect by the cryptology ", it can be used to secretly adjust the password output process. In this way, it is foreseeable that the system can be one-way confirmed and cannot be reversed, so that the given one-time password can only be used at a time, and repeated use will be rejected by the system.

Depending on the strict definition of authentication factor separation and the specific working principle of the corresponding one-time password system, introducing one-time passwords into the authentication system can indeed achieve the security provided by the multi-factor authentication mode. This is an implementation mode that involves the use of independent hardware tokens such as USB devices or smart phones. You can generate the next password as needed and it should belong to the "user-owned attribute" category. In fact, the mode from the input box is more traditional. There are also deficiencies in using the reusable password input mode as the second authentication factor, some types of attacks can simultaneously break reusable passwords and one-time passwords. However, for authentication modes, the two password authentication modes may at least improve security.

Regardless of whether the one-time password system meets the strict definition of the multi-factor authentication mode, it can indeed improve security and make unauthorized authentication difficult. DebianGNU, Linux, FreeBSD, and other operating systems all provide a one-time password system that is easy to install and configure. The security market also provides similar one-time password applications, A smart phone can be converted into an independent hardware token to support a one-time password system.

For users, the biggest benefit of a one-time password system is to avoid some risks caused by the interception of network traffic by tools such as keyboard recorders that can record all information. Of course, if a keyboard recorder exists in the system, you should do more than that. However, before the existing keyboard recorder is discovered, A one-time password prevents malicious Security hackers from obtaining the password for logging on to the system.