Wednesday, April 3, 2013

One-time passwords and their reliability

Protecting sites and services is now a rather important task, so various technologies that improve their protection are being developed.

A fairly new way to give a site an additional level of protection is the use of one-time passwords. They are generated by a special program, the password generator. As a result, in addition to the usual password that gives access to the website's special interface, a unique single-use code is used.

The advantages are as follows. If the usual password is stolen by attackers through remote eavesdropping on traffic or otherwise, the thief still cannot get access to the site, because they do not have the set of one-time passwords. Even if a one-time password is stolen while the user is entering it, it will not work a second time. That is, to hack such a site the attacker has to steal the generating device.

However, passwords are quite often stolen not by eavesdropping on network traffic but with a spyware program (keylogger) planted on the computer of the website's administrator or user. This program reads the password as it is typed on the keyboard, or finds it in certain files on disk, and then transmits the data to the attacker.

The spyware can intercept a one-time password just as it does a reusable one, at the moment it is typed on the keyboard. The intruder thus manages to get ahead of the real owner of the one-time password in accessing the site. Using the same spyware or features of how the Internet works (for example, DNS), the intruder can redirect traffic, imitating failures when accessing pages of the website and forcing the victim to enter additional one-time passwords.

One-time passwords certainly increase the security of a site, but they do not guarantee it, so you should not forget about other security measures.
