DocumentCode
830742
Title
Comparing passwords, tokens, and biometrics for user authentication
Author
Gorman, Lawrence O.
Author_Institution
Avaya Labs., Basking Ridge, NJ, USA
Volume
91
Issue
12
fYear
2003
fDate
12/1/2003 12:00:00 AM
Firstpage
2021
Lastpage
2040
Abstract
For decades, the password has been the standard means for user authentication on computers. However, as users are required to remember more, longer, and changing passwords, it is evident that a more convenient and secure solution to user authentication is necessary. This paper examines passwords, security tokens, and biometrics-which we collectively call authenticators-and compares these authenticators and their combinations. We examine their effectiveness against several attacks and suitability for particular security specifications such as compromise detection and nonrepudiation. Examples of authenticator combinations and protocols are described to show tradeoffs and solutions that meet chosen, practical requirements. The paper endeavors to offer a comprehensive picture of user authentication solutions for the purposes of evaluating options for use and identifying deficiencies requiring further research.
Keywords
biometrics (access control); identification technology; protocols; security; speaker recognition; access control; biometrics; end-user authentication; human authentication; identity management; identity token; passwords; verification; Authentication; Biometrics; Computer networks; Humans; Identity management systems; Internet; Protection; Protocols; Security; Web sites;
fLanguage
English
Journal_Title
Proceedings of the IEEE
Publisher
ieee
ISSN
0018-9219
Type
jour
DOI
10.1109/JPROC.2003.819611
Filename
1246384
Link To Document