DOCSLIB.ORG

December 2014 Using Your Smart Phone As a Credit Card Substitute

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
December 2014 Using Your Smart Phone As a Credit Card Substitute Newsletter of the Potomac Area Technology and Computer Society December 2014 www.patacs.org Page 1 Using Your Smart Phone as a Credit Card Substitute by Ira Wilsker WEBSITES: https://www.paypal.com/us/webapps/mpp/pay-in- http://currentc.com stores http://www.pcworld.com/article/2607312/how- https://www.paypal.com/us/webapps/mpp/store- apple-pay-could-make-the-target-and-home- locator depot-breaches-a-thing-of-the-past.html http://www.pcworld.com/article/2846535/a-guide- https://www.gosoftcard.com to-the-top-mobile-payments-options.html https://wallet.google.com http://www.apple.com/apple-pay/ https://www.google.com/wallet/shop-in-stores/ www.mercurynews.com/business/ci_26938386/ http://www.mastercard.us/cardholder-services/ mobile-payments-apple-pay-google-wallet-and- paypass-locator.html otherhttp://currentc.com http://www.pcworld.com/article/2607312/how- (continued on page 2) Using Your Smart Phone as a Credit Card Substitute ………...…....1 Fairfax October Meeting ……………………………………………6 Linux Sites Recommended By Geof Goodrum………………..........8 With All of the Media Reports About Massive Data Breaches, What Can We Do?..............................................................................9 Valuable Information From the PATACS Site ………………….....12 Vendors Recommended By Members…..…………………………..13 PATACS Annual Financial Report, Fiscal Year 2014 ……………...l4 PATACS Information ……………………………………………..,.15 December 2014 PATACS Posts Page 2 the number of Euro- pean credit and debit cards that were hi- jacked was much smaller. For the past several years, the ma- jority of European (and many Asian) issued cards have had a more secure embed- ded microchip that contained the cus- tomer information, It should be news to no one that over the rather than the magnetic stripe widely used past year there have been massive data breaches at here. As overseas POS terminals (and many thousands of retail locations. In my case, over the ATMs) were modified or replaced in order to past year, my bankcard issuers have initiated the take advantage of the more secure microchip replacement of four credit cards and a debit card technology, most domestic POS users have often (one major credit card was replaced twice). Since I been reluctant to implement the enhanced secu- carefully review my monthly credit card statements rity technologies citing the massive capital in- for questionable activity, I am fairly confident that vestment in the current generation of magnetic although several of my accounts were compro- stripe POS readers. Looking at my recently re- mised by the massive retail data breaches, there placed credit cards, all have the embedded chip, have been no illicit transactions posted to any of as well as a magnetic stripe. my accounts. These data breaches and the related vul- Following last year's massive Target data nerabilities have obviously caught the attention theft, the media played up the fact that most credit of our domestic technology industry, as in recent and debit cards in the United States are still using months there has been a flurry of technological the obsolescent magnetic stripe technology in order advancements that may offer most of us the op- to process "POS" (Point of Sale) transactions. It is portunity to mitigate the risks of a somewhat the vulnerability of this magnetic stripe data, and insecure plastic credit or debit card. While the methods used to process the digital transac- much of the media fanfare has gone to the intro- tions, have made such transactions vulnerable to duction of Apple's Apple Pay electronic pay- cyber attack. As the American credit and debit ments system (apple.com/apple-pay), others cards were purloined by the hundreds of millions, have been active in promoting their respective systems including eBay's PayPal, xx , xxxxxx (continued on page 3) www.patacs.org December 2014 PATACS Posts Page 3 Google’s Wallet, CurrentC (a joint effort of Sears, cording to Apple, "One touch to pay with Target, and WalMart, CVS, and others), GoSoft- Touch ID. Now paying in stores happens in Card (joint effort of American Express, Chase, one natural motion - there’s no need to open an and Wells Fargo), and several others. While there app or even wake your display thanks to the are some variations in the technologies utilized by innovative Near Field Communication antenna each, they are all designed to allow the use with a in iPhone 6. To pay, just hold your iPhone near smart phone or related device to make secure re- the contactless reader with your finger on tail transactions without the use of a traditional Touch ID. You don’t even have to look at the plastic credit or debit card. screen to know your payment information was With its outstanding ability to promote successfully sent. A subtle vibration and beep itself, Apple has had much of the media spotlight let you know." Other Apple devices, without with its recently announced Apple Pay sys- the NFC capability can use the Apple Pay app along with an integral finger print reader (part tem. According to Apple, "Paying in stores or of the Apple Pay app) to complete a financial within apps has never been easier. Gone are the transaction without presenting a plastic credit days of searching for your wallet. The wasted mo- card. Apple Pay requires that one or more es- ments finding the right card. Now payments hap- tablished credit card accounts be linked to Ap- pen with a single touch. Apple Pay will change ple Pay, with the user having the option to se- how you pay with breakthrough contactless pay- lect which credit card will be used to process ment technology and unique security features the Apple Pay transaction. By default, the credit card linked to the user's iTunes account built right into the devices you have with you eve- is the primary credit source, but other cards ry day. So you can use your iPhone, Apple can be securely added to the account. Watch, or iPad to pay in a simple, secure, and pri- PayPal, one of the world's most widely used vate way." What garnered the most attention is a digital payment systems, recently introduced feature of the iPhone 6 devices (also present on its own smart phone app that can be used for in many other recent smart phones) called "NFC" or -store POS transactions (paypal.com/us/ "Near Field Communications". This is a very webapps/mpp/pay-in-stores), without the use of a plastic credit card. According to PayPal, short range radio technology that allows digital "Forget your wallet. Use our app like a wallet devices to communicate with each other when to pay at the counter, from the table, or from held physically close to each other. Again, ac- around the corner, your order is in your hands. (continued on page 4) www.patacs.org December 2014 PATACS Posts Page 4 smart phones, as CurrentC does not incorporate store gift cards, and selected credit and debit card NFC. Instead of using NFC, which is not availa- (Pay). ble on most of the existing smart phones, Cur- I predict that as these new technologies become rentC displays a unique bar code or QR type of more widely implemented, we will see the num- image on the phone screen that is scanned by the ber of mass data thefts decline, saving the finan- cashier; every transaction will have a unique im- cial institutions (and their millions of account age displayed. CurrentC is designed to connect holders) from substantial losses. We will also see directly to the consumer's bank account, bypass- these payment systems evolve and improve as ing the credit card fees imposed by the bank cards they become more widely accepted, along with on the retailers. Like many of the existing indi- the inevitable failure of some. We may see con- vidual store cards and loyalty cards, CurrentC can solidations (mergers) among some of these sys- take advantage of the personal information en- tems, and some may simply cease to exist as they tered by the user when the account is creat- find that they cannot successfully compete in the ed. Since CurrentC will have some personal in- market place. formation, incentives, rewards, coupons and other Whatever happens with these new pay- promotions may be offered the user. CurrentC ment systems, it appears likely that our traditional will implement a "Save, Earn Pay" service where plastic credit cards may become as obsolescent as users will automatically receive offers, coupons, paper checks have become, and these new tech- and other incentives from the participating retail- nologies will reign supreme ... until some newer ers (Save); get instant points and rewards from technologies make these obsolete. In terms of participating loyalty programs (Earn); and com- POS payment technology, this will be an interest- bine and coordinate between checking accounts, ing couple of years. www.patacs.org December 2014 PATACS Posts Page 5 Or simply select PayPal at the register to log in American Express offering a $1 cash back bo- and pay, just like online." Experimenting with nus, in addition to any other rewards, for each the PayPal Store Locator (paypal.com/us/ SoftCard transaction utilizing American Express. webapps/mpp/store-locator), using the Examin- Google wants very badly to compete in er's zip code (77701), there were about 75 nearby this lucrative field, and had developed an ad- businesses that accept payments with the PayPal vanced digital "Wallet" (wallet.google.com) that app including Home Depot, Dollar General, Of- can utilize a secure app that can be used for a ficeDepot, American Eagle, Aeropostale, variety of transactions. For users with NFC ToysRUs, Academy Sports, and a variety of med- compatible phones, that feature can be used at ical offices, florists, clothing stores and bou- many retail locations; for those without a com- tiques, restaurants, retailers and service business- patible phone, Google Wallet offers a secure es.
Load more

Recommended publications
  • April, 2021 Spring
    VVoolulummee 116731 SeptemAbperril,, 22002201 Goodbye LastPass, Hello BitWarden Analog Video Archive Project Short Topix: New Linux Malware Making The Rounds Inkscape Tutorial: Chrome Text FTP With Double Commander: How To Game Zone: Streets Of Rage 4: Finaly On PCLinuxOS! PCLinuxOS Recipe Corner: Chicken Parmesan Skillet Casserole Beware! A New Tracker You Might Not Be Aware Of And More Inside... In This Issue... 3 From The Chief Editor's Desk... 4 Screenshot Showcase The PCLinuxOS name, logo and colors are the trademark of 5 Goodbye LastPass, Hello BitWarden! Texstar. 11 PCLinuxOS Recipe Corner: The PCLinuxOS Magazine is a monthly online publication containing PCLinuxOS-related materials. It is published primarily for members of the PCLinuxOS community. The Chicken Parmesean Skillet Casserole magazine staff is comprised of volunteers from the 12 Inkscape Tutorial: Chrome Text PCLinuxOS community. 13 Screenshot Showcase Visit us online at http://www.pclosmag.com 14 Analog Video Archive Project This release was made possible by the following volunteers: Chief Editor: Paul Arnote (parnote) 16 Screenshot Showcase Assistant Editor: Meemaw Artwork: ms_meme, Meemaw Magazine Layout: Paul Arnote, Meemaw, ms_meme 17 FTP With Double Commander: How-To HTML Layout: YouCanToo 20 Screenshot Showcase Staff: ms_meme Cg_Boy 21 Short Topix: New Linux Malware Making The Rounds Meemaw YouCanToo Pete Kelly Daniel Meiß-Wilhelm 24 Screenshot Showcase Alessandro Ebersol 25 Repo Review: MiniTube Contributors: 26 Good Words, Good Deeds, Good News David Pardue 28 Game Zone: Streets Of Rage 4: Finally On PCLinuxOS! 31 Screenshot Showcase 32 Beware! A New Tracker You Might Not Be Aware Of The PCLinuxOS Magazine is released under the Creative Commons Attribution-NonCommercial-Share-Alike 3.0 36 PCLinuxOS Recipe Corner Bonus: Unported license.
    [Show full text]
  • Password Managers an Overview
    Peter Albin Lexington Computer and Technology Group March 13, 2019 Agenda One Solution 10 Worst Passwords of 2018 Time to Crack Password How Hackers Crack Passwords How Easy It Is To Crack Your Password How Do Password Managers Work What is a Password Manager Why use a Password Manager? Cloud Based Password Managers Paid Password Managers Free Password Managers How to Use LastPass How to Use Dashlane How to Use Keepass Final Reminder References March 13, 2019 2 One Solution March 13, 2019 3 10 Worst Passwords of 2018 1. 123456 2. password 3. 123456789 4. 12345678 5. 12345 6. 111111 7. 1234567 8. sunshine 9. qwerty 10. iloveyou March 13, 2019 4 Time to Crack Password March 13, 2019 5 Time to Crack Password March 13, 2019 6 Time to Crack Password March 13, 2019 7 Time to Crack Password Time to crack password "security1" 1600 1400 1200 1000 Days 800 Days 600 400 200 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Year March 13, 2019 8 How Hackers Crack Passwords https://youtu.be/YiRPt4vrSSw March 13, 2019 9 How Easy It Is To Crack Your Password https://youtu.be/YiRPt4vrSSw March 13, 2019 10 How Do Password Managers Work https://youtu.be/DI72oBhMgWs March 13, 2019 11 What is a Password Manager A password manager will generate, retrieve, and keep track of super-long, crazy-random passwords across countless accounts for you, while also protecting all your vital online info—not only passwords but PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more … And to get all that security, you’ll only need to remember a single password March 13, 2019 12 Why use a Password Manager? We are terrible at passwords We suck at creating them the top two most popular remain “123456” and “password” We share them way too freely We forget them all the time We forget them all the time A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password.
    [Show full text]
  • USM Anywhere Alienapps List
    USM Anywhere AlienApps List The AT&T Alien Labs™ Security Research Team regularly updates the data source library to increase the extensibility of USM Anywhere. These AlienApps enable your USM Anywhere Sensor to process and analyze logs produced by your existing devices and applications. Note: This table shows the AlienApps that ship with USM Anywhere as of June 17, 2021. If you cannot find the app that you are looking for, submit a request here so we can build one for you. List of AlienApps Available in USM Anywhere Auto- Data Source AlienApp Log Format discovered AdTran Switch AdTran Switch RegEx No Aerohive WAP Aerohive Networks Aerohive WAP RegEx No AIX Audit IBM AIX Audit RegEx No Akamai ETP Akamai ETP JSON No Alibaba Cloud Alibaba Cloud Key-Value Yes AlienVault Agent None. Data received through JSON No AlienVault Agent AlienVault Agent - Windows None. Data received through JSON No EventLog AlienVault Agent AlienVault Cluster Management AlienVault Cluster Management RegEx No Application Application AlienVault Internal API AT&T Cybersecurity Forensics and JSON No Response AlienVault NIDS None. Data received through a JSON Yes deployed sensor Amazon Aurora AWS Aurora CSV No Amazon AWS CloudTrail AWS CloudTrail JSON No Amazon CloudFront Real Time AWS CloudFront Real Time Logs W3C No Logs W3C W3C Amazon EKS API Server AWS EKS API Server RegEx No Amazon EKS API Server Audit AWS EKS API Server Audit JSON No USM Anywhere™ AlienApps List 1 List of AlienApps Available in USM Anywhere (Continued) Auto- Data Source AlienApp Log Format discovered
    [Show full text]
  • HACK Enpass Password Manager
    1 / 2 HACK Enpass Password Manager Mar 23, 2021 — So, is this password manager right for you or your business? In our Enpass review, we'll take a closer look at everything this software has to offer.. Results 1 - 100 of 338 — TOTP is an algorithm that computes a one-time password from a shared secret ... codes to protect your online accounts from hackers (bad guys). ... code in my password manager, especially for password managers that can ... Segregate data using Multiple vaults Enpass facilitates you with an option to .... Jan 9, 2019 — Password manager company OneLogin was actually hacked, and the ... EnPass: Here's something unusual—a password manager that goes .... Use Enpass audit tools to identify weak, identical, and old passwords. Your password manager is your digital security best friend. You are using a password .... The Synology Disk Station Manager (DSM) is the Operating System (OS) that runs on your Synology unit. ... a prerequisite while using Enpass it is not really neccessary to me to sync with CloudStation. ... For iOS 13/12 users: Open the Settings app > Passwords & Accounts > Add Account > Other ... Mikrotik hack github.. We will send a One-time password (OTP) to your registered email address and ... set of Enpass users by letting them store their time based one time passwords of ... Hackers use credit card skimmers to obtain the magnetic stripe information of a ... Open Google Chrome and click the GateKeeper Password Manager Chrome .... Jun 16, 2021 — Using an online password manager? … Are they safe from hackers?? Use Enpass to securely organize everything at one place.
    [Show full text]
  • Ovum Market Radar: Password Management Tools
    Ovum Market Radar: Password Management Tools Improving cybersecurity by eliminating weak, reused, and compromised passwords Publication Date: 17 Aug 2019 | Product code: INT005-000010KEEPER Richard Edwards Ovum Market Radar: Password Management Tools Summary Catalyst Cybersecurity often depends on the choices made by individuals. Most of these individuals are conscientious when it comes to preserving the confidentiality, integrity, and availability of corporate systems and customer data. However, if we consider the ways in which passwords and account credentials are used and managed, we can easily see weaknesses in our cybersecurity defenses. Password management tools have entered the mainstream, with more than 70 apps competing for user attention in the Google Play Store alone. There’s also a good selection of products targeting teams, businesses, and enterprises. However, these products need to adapt and evolve to win new business, protect against new cybersecurity threats, and support the move toward a “password-less” enterprise. Ovum view Key findings from an Ovum survey of IT decision-makers and enterprise employees reveals that password management practices are out of date, overly reliant on manual processes, and highly dependent on employees “doing the right thing”. If the alarm bell isn’t ringing, it should be. Cybersecurity training and awareness programs are useful, but to keep the business safe and secure, employees across all roles and at all levels require tools and applications to help alleviate the burden and risks associated with workplace passwords, credentials, logins, and access codes. Key messages ▪ Passwords are for more than just the web. Credentials and passcodes are required for desktop applications, mobile apps, IT infrastructure, physical access, and more.
    [Show full text]
  • Password Managers
    Password Managers A Higher Education Information Security Council (HEISC) Resource JULY 2019 Password Managers What Is a Password Manager Tool? A password manager tool is software that helps users encrypt, store, and manage passwords. The tool also helps users create secure passwords and automatically log in to websites. Who Might Use a Password Manager Tool, and Why? Users should employ unique passwords for each website or system to help minimize the impact from the breach of one website or system; however, most users cannot remember a separate password for many sites and tend to reuse passwords or write them on a sticky note attached to their computer. Additionally, organizations may have passwords that need to be shared across teams and want a secure method to do so. Password manager tools allow users and teams to more securely manage many distinct passwords and automatically log them in to websites. The Benefits of Using a Password Manager Tool Password manager tools enable users to create and securely store unique passwords for websites, applications, and other systems without having to memorize or write them down. Risks to Consider When Using a Password Manager Tool Special care should be taken to secure the password tool, as it will grant access to all passwords. The “master” password that grants access to the tool should be very strong and unique, and multifactor authentication should be used if possible. Almost all modern commercial password managers allow users to implement some form of multifactor authentication. You will also need to decide whether you want your password management tool to store passwords locally or in the cloud.
    [Show full text]
  • Elcomsoft Distributed Password Recovery Unlocks 1Password, Keepass, Lastpass and Dashlane Vaults
    Elcomsoft Distributed Password Recovery Unlocks 1Password, KeePass, LastPass and Dashlane Vaults Moscow, Russia – August 10, 2017 - ElcomSoft Co. Ltd. updates Distributed Password Recovery, enabling the recovery of master keys protecting encrypted vaults of four popular password managers: 1Password, KeePass, LastPass and Dashlane. By attacking a single master password, experts can gain access to the entire database containing all of the user’s saved passwords, authentication credentials and other highly sensitive information. Password managers’ protected vaults may contain images of user’s documents, various identity- related information, payment and loyalty card numbers. “We’re continuing our quest on expanding the types of passwords we can break”, says Vladimir Katalov, ElcomSoft CEO. “This time we are targeting four of the most popular password managers, allowing experts gaining access to protected vaults containing users’ authentication credentials, stored logins, passwords and forms to numerous resources. With today’s password managers this only requires breaking a single master password.” One Password to Rule Them All The idea behind all password management apps is simple: allowing users to securely store, organize and use passwords required to authenticate into various resources. As the user no longer has to remember the many different passwords, the use of password managers effectively cuts password re-use and stimulates the use of strong, unique passwords to protect different resources. Password managers can even automatically generate strong, random passwords that are unique per Web site or resource, rendering both dictionary and brute-force attacks ineffective. These passwords are stored in encrypted vaults, and can be only decrypted once the user enters their master password.
    [Show full text]
  • A Security Analysis of Autofill on Ios and Android
    The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android Sean Oesch, Anuj Gautam, Scott Ruoti The University of Tennessee [email protected], [email protected], [email protected] Abstract—Password managers help users more effectively (P3) the filled credential will only be accessible to the manage their passwords, encouraging them to adopt stronger mapped app or web domain. [23]. passwords across their many accounts. In contrast to desktop On desktop environments, password managers are primarily systems where password managers receive no system-level support, mobile operating systems provide autofill frameworks implemented as ad-hoc browser extensions—i.e., the extension that are designed to integrate with password managers to individually implements all aspects of the autofill process provide secure and usable autofill for browsers and other apps without support from OS or browser autofill frameworks. installed on mobile devices. In this paper, we conduct the first While some desktop password managers correctly achieve P1 holistic security evaluation of such frameworks on iOS and and P2 [19], many have incorrect implementations that allow Android, examining whether they achieve substantive benefits over the ad-hoc desktop environment or become a problematic attackers to steal or phish users’ credentials [14], [22], [23], single point of failure. Our results find that while the [19], and none can fully implement P3 due to technical frameworks address several common issues (e.g., requiring user limitations of browser extension APIs [23], [19]. interaction before autofill), they also enforce insecure behavior In contrast to the situation on desktop, mobile operating and fail to provide the password managers implemented using systems provide system-wide autofill frameworks that attempt the frameworks with sufficient information to override this incorrect behavior.
    [Show full text]
  • Revisiting Security Vulnerabilities in Commercial Password Managers?
    Revisiting Security Vulnerabilities in Commercial Password Managers? Michael Carr1 and Siamak F. Shahandashti2 1 Piksel, York Science Park, YO10 5ZD, UK [email protected] 2 Dept. of Computer Science, University of York, YO10 5GH, UK [email protected] Abstract. In this work we analyse five popular commercial password managers for security vulnerabilities. Our analysis is twofold. First, we compile a list of previously disclosed vulnerabilities through a compre- hensive review of the academic and non-academic sources and test each password manager against all the previously disclosed vulnerabilities. We find a mixed picture of fixed and persisting vulnerabilities. Then we carry out systematic functionality tests on the considered password managers and find four new vulnerabilities. Notably, one of the new vulnerabilities we identified allows a malicious app to impersonate a legitimate app to two out of five widely-used password managers we tested and as a result steal the user's password for the targeted service. We implement a proof- of-concept attack to show the feasibility of this vulnerability in a real-life scenario. Finally, we report and reflect on our experience of responsible disclosure of the newly discovered vulnerabilities to the corresponding password manager vendors. Keywords: Vulnerability Testing · Password Managers · Password Man- ager Security · Authentication. 1 Introduction Passwords remain the dominant authentication mechanism in the digital realm despite their shortcomings. Furthermore, they are expected to persist as a pri- mary authentication mechanism for the some time [6]. Among the tools that can greatly reduce the cognitive burden of remembering multiple passwords for arXiv:2003.01985v2 [cs.CR] 17 Mar 2020 multiple services are password managers.
    [Show full text]
  • Practicing Safe Computing by Hal Bookbinder Index
    Page 1 of 77 Practicing Safe Computing by Hal Bookbinder Index Article Published Page #71: “Keeping email contacts up to date” October 2021 76 #70: “Windows Ease of Access – Vision Support” September 2021 75 #69: “Even an 8-year-old Yahoo breach can bite!” August 2021 74 #68: “Protecting your credentials” July 2021 73 #67: ”Recovering files using OneDrive” June 2021 72 #66: “Yet Another Data Breach!” May 2021 71 #65: “Looking your best while on Zoom” April 2021 70 #64: “Private Browsing” March 2021 69 #63: “Using Zoom to Create a Personal Video Message” February 2021 68 #62: “Reducing the Impact of Data Breaches” January 2021 67 #61: “Ten Software Fixes” December 2020 66 #60: “Misleading Google Results” November 2020 65 #59: “We are holding a package for you” October 2020 64 #58: “Vishing (Voice phishing)” September 2020 63 #57: “Ransomware in the age of COVID-19” August 2020 62 #56: “Practicing Safe Zoom” July 2020 61 #55: “COVID-19 Statistics” June 2020 60 #54: “Credit card skimming” May 2020 59 #53: “Avoiding COVID-19 Scams” April 2020 58 #52: “You've Got DNA Matches!” March 2020 57 #51: “USB recharging cord and Bluetooth Risks” February 2020 56 #50: “Discovering if you have been pwned” January 2020 55 #49: “Data Management and Protection” December 2019 54 #48: “Making the most of your Password Manager” October/November 2019 53 #47: “Windows Updates” September 2019 52 #46: “Apples are also vulnerable” August 2019 51 Go to Index © 2015-2021 by JGSCV and by Hal Bookbinder, permission to copy granted with appropriate attribution.
    [Show full text]
  • Comparing Password Management Software: Towards New Directions in Usable and Secure Enterprise Authentication
    This is a postprint version of the following published document: Arias-Cabarcos, P.; Marín, A.; Palacios, D.; Almenárez, P.; Díaz-Sánchez, D. (2016). Comparing Password Management Software: Toward Usable and Secure Enterprise Authentication. IT Professional, v. 18, n. 5, pp. 34-40. DOI: 10.1109/MITP.2016.81 © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Comparing Password Management Software: Towards New Directions in Usable and Secure Enterprise Authentication Patricia Arias-Cabarcos1, Andrés Marín1, Diego Palacios2, Florina Almenárez1, Daniel Díaz-Sánchez1 1Telematic Engineering Department, University Carlos III of Madrid, Leganés, Madrid (Spain) 2Telefónica España, Madrid (Spain) {ariasp, florina, amarin, dds}@it.uc3m.es, [email protected] Abstract- In today’s corporate IT systems there is an undeniable pattern that is routinely repeated by employees: access to a huge number of password-protected services. In this regard, though deploying a strong enterprise password policy is a mean to increase security against online breaches and data leaks, it also imposes a significant usability burden for users. To alleviate this problem, Password Managers (PMs) are pointed out as user-friendly tools that automate the processes of password generation and login. But how secure and usable are these tools? In this paper we analyze the four most popular PMs with free version from both security and usability perspectives.
    [Show full text]
  • Password Management Options
    Information Technology Services http://www.lander.edu/its [email protected] 864.388.8234 Password Management Options A password manager is an application that stores multiple passwords in a single secure repository. Protected by one master password (and often a second form of authentication), a password manager can help to alleviate much of the hassle associated with creating and remembering a strong, unique password for each of your online accounts. The additional security and convenience provided by a password manager may be worth considering if you find yourself practicing bad habits, such as: - Using the same password for more than one account - Creating passwords that are short or lack complexity - Using passwords that consist of common words, phrases, or patterns - Saving passwords in a web browser - Writing down passwords in a notebook or storing them in a text file. Lander University does not yet provide an official password management solution for faculty and staff, so this document serves as a resource for employees interested in pursuing a password manager for business or personal use. None of the products included are endorsed or supported by Lander University or ITS. The following password managers are provided as popular examples of solutions available to consumers. All information is subject to change but is accurate, to the best of our knowledge, as of December 2016. The information for each product assumes the use of a desktop or laptop as the main password management device, so all features listed may not be available on mobile app versions. Since most password managers offer free and paid versions, this document primarily addresses features included in the free editions.
    [Show full text]