• DocumentCode
    830742
  • Title

    Comparing passwords, tokens, and biometrics for user authentication

  • Author

    Gorman, Lawrence O.

  • Author_Institution
    Avaya Labs., Basking Ridge, NJ, USA
  • Volume
    91
  • Issue
    12
  • fYear
    2003
  • fDate
    12/1/2003 12:00:00 AM
  • Firstpage
    2021
  • Lastpage
    2040
  • Abstract
    For decades, the password has been the standard means for user authentication on computers. However, as users are required to remember more, longer, and changing passwords, it is evident that a more convenient and secure solution to user authentication is necessary. This paper examines passwords, security tokens, and biometrics-which we collectively call authenticators-and compares these authenticators and their combinations. We examine their effectiveness against several attacks and suitability for particular security specifications such as compromise detection and nonrepudiation. Examples of authenticator combinations and protocols are described to show tradeoffs and solutions that meet chosen, practical requirements. The paper endeavors to offer a comprehensive picture of user authentication solutions for the purposes of evaluating options for use and identifying deficiencies requiring further research.
  • Keywords
    biometrics (access control); identification technology; protocols; security; speaker recognition; access control; biometrics; end-user authentication; human authentication; identity management; identity token; passwords; verification; Authentication; Biometrics; Computer networks; Humans; Identity management systems; Internet; Protection; Protocols; Security; Web sites;
  • fLanguage
    English
  • Journal_Title
    Proceedings of the IEEE
  • Publisher
    ieee
  • ISSN
    0018-9219
  • Type

    jour

  • DOI
    10.1109/JPROC.2003.819611
  • Filename
    1246384