What’s wrong with Passwords ?

• Passwords in transit are subject to sniffing & replay attacks.

  • Never send passwords in clear-text (use APOP, SPEKE, etc)

• Simple passwords vulnerable to dictionary attack

• Complex passwords are difficult for user to manage.

  • Vulnerable to social engineering

• Remotely stored passwords are out of user’s control.

  • Can be attacked at server.
  • “A secret shared, isn’t.”

Previous slide

Next slide

Back to first slide

View graphic version