DOCSLIB.ORG

Securing Debian Manual

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Securing Debian Manual Securing Debian Manual Javier Fernández-Sanguino Peña <[email protected]> ‘Authors’ on this page Version: 3.17, built on Sun, 08 Apr 2012 02:48:09 +0000 Abstract This document describes security in the Debian project and in the Debian operating system. Starting with the process of securing and hardening the default Debian GNU/Linux distribution installation, it also covers some of the common tasks to set up a secure network environment using Debian GNU/Linux, gives additional information on the security tools available and talks about how security is enforced in Debian by the security and audit team. Copyright Notice Copyright © 2002-2013 Javier Fernández-Sanguino Peña Copyright © 2001 Alexander Reelsen, Javier Fernández-Sanguino Peña Copyright © 2000 Alexander Reelsen Some sections are copyright © their respective authors, for details please refer to ‘Credits and thanks!’ on page 21. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) or any later version (http: //www.gnu.org/copyleft/gpl.html) published by the Free Software Foundation. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this document into another language, under the above con- ditions for modified versions, except that this permission notice may be included in translations approved by the Free Software Foundation instead of in the original English. i Contents 1 Introduction 1 1.1 Authors............................................................1 1.2 Where to get the manual (and available formats)....................................2 1.3 Organizational notes/feedback..............................................2 1.4 Prior knowledge.......................................................2 1.5 Things that need to be written (FIXME/TODO).....................................2 1.6 Changelog/History.....................................................5 1.6.1 Version 3.17 (January 2015)............................................5 1.6.2 Version 3.16 (January 2013)............................................5 1.6.3 Version 3.15 (December 2010)...........................................5 1.6.4 Version 3.14 (March 2009).............................................5 1.6.5 Version 3.13 (February 2008)...........................................6 1.6.6 Version 3.12 (August 2007)............................................6 1.6.7 Version 3.11 (January 2007)............................................6 1.6.8 Version 3.10 (November 2006)...........................................7 1.6.9 Version 3.9 (October 2006).............................................7 1.6.10 Version 3.8 (July 2006)...............................................7 1.6.11 Version 3.7 (April 2006)..............................................7 1.6.12 Version 3.6 (March 2006)..............................................8 1.6.13 Version 3.5 (November 2005)...........................................8 1.6.14 Version 3.4 (August-September 2005)......................................8 1.6.15 Version 3.3 (June 2005)...............................................9 1.6.16 Version 3.2 (March 2005)..............................................9 1.6.17 Version 3.1 (January 2005).............................................9 1.6.18 Version 3.0 (December 2004)............................................ 10 1.6.19 Version 2.99 (March 2004)............................................. 10 1.6.20 Version 2.98 (December 2003)........................................... 10 1.6.21 Version 2.97 (September 2003)........................................... 10 1.6.22 Version 2.96 (August 2003)............................................ 11 1.6.23 Version 2.95 (June 2003).............................................. 11 1.6.24 Version 2.94 (April 2003).............................................. 11 1.6.25 Version 2.93 (March 2003)............................................. 11 1.6.26 Version 2.92 (February 2003)........................................... 11 1.6.27 Version 2.91 (January/February 2003)...................................... 12 CONTENTS ii 1.6.28 Version 2.9 (December 2002)............................................ 12 1.6.29 Version 2.8 (November 2002)........................................... 12 1.6.30 Version 2.7 (October 2002)............................................. 12 1.6.31 Version 2.6 (September 2002)........................................... 13 1.6.32 Version 2.5 (September 2002)........................................... 13 1.6.33 Version 2.5 (August 2002)............................................. 13 1.6.34 Version 2.4...................................................... 15 1.6.35 Version 2.3...................................................... 15 1.6.36 Version 2.3...................................................... 16 1.6.37 Version 2.2...................................................... 16 1.6.38 Version 2.1...................................................... 16 1.6.39 Version 2.0...................................................... 16 1.6.40 Version 1.99..................................................... 17 1.6.41 Version 1.98..................................................... 17 1.6.42 Version 1.97..................................................... 18 1.6.43 Version 1.96..................................................... 18 1.6.44 Version 1.95..................................................... 18 1.6.45 Version 1.94..................................................... 18 1.6.46 Version 1.93..................................................... 18 1.6.47 Version 1.92..................................................... 18 1.6.48 Version 1.91..................................................... 19 1.6.49 Version 1.9...................................................... 19 1.6.50 Version 1.8...................................................... 19 1.6.51 Version 1.7...................................................... 19 1.6.52 Version 1.6...................................................... 20 1.6.53 Version 1.5...................................................... 20 1.6.54 Version 1.4...................................................... 20 1.6.55 Version 1.3...................................................... 20 1.6.56 Version 1.2...................................................... 20 1.6.57 Version 1.1...................................................... 20 1.6.58 Version 1.0...................................................... 20 1.7 Credits and thanks!..................................................... 21 2 Before you begin 23 2.1 What do you want this system for?............................................ 23 2.2 Be aware of general security problems.......................................... 23 2.3 How does Debian handle security?............................................ 25 3 Before and during the installation 27 3.1 Choose a BIOS password.................................................. 27 3.2 Partitioning the system................................................... 27 3.2.1 Choose an intelligent partition scheme..................................... 27 3.3 Do not plug to the Internet until ready.......................................... 28 CONTENTS iii 3.4 Set a root password..................................................... 29 3.5 Run the minimum number of services required..................................... 29 3.5.1 Disabling daemon services............................................ 29 3.5.2 Disabling inetd or its services.......................................... 30 3.6 Install the minimum amount of software required................................... 31 3.6.1 Removing Perl................................................... 31 3.7 Read the Debian security mailing lists.......................................... 33 4 After installation 35 4.1 Subscribe to the Debian Security Announce mailing list................................ 35 4.2 Execute a security update................................................. 35 4.2.1 Security update of libraries............................................ 36 4.2.2 Security update of the kernel........................................... 36 4.3 Change the BIOS (again).................................................. 37 4.4 Set a LILO or GRUB password.............................................. 37 4.5 Disable root prompt on the initramfs........................................... 38 4.6 Remove root prompt on the kernel............................................ 38 4.7 Restricting console login access.............................................. 39 4.8 Restricting system reboots through the console..................................... 39 4.9 Restricting the use of the Magic SysRq key....................................... 40 4.10 Mounting partitions the right way............................................ 40 4.10.1 Setting /tmp noexec................................................ 41 4.10.2 Setting /usr read-only............................................... 41 4.11 Providing secure
Load more

Recommended publications
  • IBM Multi-Factor Authentication for Z/OS
    Multi Factor Authentication for Linux on IBM Z using a centralized z/OS LDAP infrastructure Dr. Manfred Gnirss Thomas Wienert Z ATS IBM Systems IBM Germany R & D Boeblingen, 18.7.2018 © 2018 IBM Corporation 2 Trademarks The following are trademarks of the International Business Machines Corporation in the United States, other countries, or both. Not all common law marks used by IBM are listed on this page. Failure of a mark to appear does not mean that IBM does not use the mark nor does it mean that the product is not actively marketed or is not significant within its relevant market. Those trademarks followed by ® are registered trademarks of IBM in the United States; all others are trademarks or common law marks of IBM in the United States. For a complete list of IBM Trademarks, see www.ibm.com/legal/copytrade.shtml: *BladeCenter®, DB2®, e business(logo)®, DataPower®, ESCON, eServer, FICON, IBM®, IBM (logo)®, MVS, OS/390®, POWER6®, POWER6+, POWER7®, Power Architecture®, PowerVM®, S/390®, System p®, System p5, System x®, System z®, System z9®, System z10®, WebSphere®, X-Architecture®, zEnterprise, z9®, z10, z/Architecture®, z/OS®, z/VM®, z/VSE®, zSeries® The following are trademearks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Bachelor Thesis Sommersemester 2010
    Development of an Android App for One-Time Password Generation & Management Bachelor Thesis Sommersemester 2010 Bearbeitet von: Michael Barth (Matrikelnummer: 26206) Betreuer: Prof. Dr. Christoph Karg Hochschule f¨urTechnik und Wirtschaft Aalen Fakult¨atElektronik und Informatik Studiengang Informatik Abstract This work covers the development of an Application for the Android platform for One-Time Password Management and Creation, including all fundamentals that are necessary to do this. One-Time Passwords are introduced in general. Their benefits and drawbacks are discussed and their usage is illustrated with a practical example. Concluding, a specific OTP implementation (OTPW) is introduced. Following is an introduction on the topic of Random Number Generation in the context of cryptography. An overview over attacks on Pseudo Random Number Generators (PRNGs) is given, as well as some design guidelines to prevent them. The Android platform is introduced in detail to establish a basic understanding of the target platform, describing its architecture and application framework. An extensive introduction to development for Android is given in the next chapter, including installation and setup, general guidelines on developing for mobile devices and practical examples of the most important components with source code. The application developed over the course of this thesis will then be described in detail, including its architecture, design decisions and an elaboration on the imple- mentation details. A conclusion, including an evaluation of the Android platform and the application, summarises this work. This work was done within the scope of the Hochschule f¨urTechnik und Wirtschaft Aalen, Germany, as a bachelor thesis over the course of the 8th semester.
    [Show full text]
  • Securing Debian Manual
    Securing Debian Manual Javier Fernández-Sanguino Peña <[email protected]> ‘Authors’ on this page Version: 3.16, built on Sun, 08 Apr 2012 02:48:09 +0000 Abstract This document describes security in the Debian project and in the Debian operating system. Starting with the process of securing and hardening the default Debian GNU/Linux distribu- tion installation, it also covers some of the common tasks to set up a secure network environ- ment using Debian GNU/Linux, gives additional information on the security tools available and talks about how security is enforced in Debian by the security and audit team. Copyright Notice Copyright © 2002-2013 Javier Fernández-Sanguino Peña Copyright © 2001 Alexander Reelsen, Javier Fernández-Sanguino Peña Copyright © 2000 Alexander Reelsen Some sections are copyright © their respective authors, for details please refer to ‘Credits and thanks!’ on page 29. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 (http://www.gnu.org/licenses/ old-licenses/gpl-2.0.html) or any later version (http://www.gnu.org/copyleft/ gpl.html) published by the Free Software Foundation. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
    [Show full text]
  • Draft Application Security Developer's Guide
    DRAFT APPLICATION SECURITY DEVELOPER’S GUIDE Version 1.0 October 4, 2002 Applications and Computing Security Division Center for Information Assurance Applications 5275 Leesburg Pike Falls Church, VA 22041 (This document is for review. Comments, if any, can be sent to [email protected] or [email protected]) FOR INFORMATIONAL PURPOSES Draft TABLE OF CONTENTS Page Number 1.0 INTRODUCTION................................................................................................................... 1 1.1 PURPOSE............................................................................................................................ 1 1.2 SCOPE ................................................................................................................................. 2 1.2.1 Subjects Not Addressed in This Document ................................................................... 2 1.3 INTENDED AUDIENCE ................................................................................................... 3 1.4 NOTE ON STYLE .............................................................................................................. 4 2.0 BACKGROUND ..................................................................................................................... 5 2.1 ORGANIZATION AND CONTENT OF THIS DOCUMENT ...................................... 5 2.2 HOW TO USE THIS DOCUMENT ................................................................................. 6 3.0 WHAT IS WEB APPLICATION SECURITY? ...............................................................
    [Show full text]
  • Linux Journal | May 2016 | Issue
    A Look at PostgreSQL 9.5’s Most Interesting Features ™ WATCH: ISSUE OVERVIEW V MAY 2016 | ISSUE 265 http://www.linuxjournal.com Since 1994: The Original Magazine of the Linux Community CONFIGURE SECURE TOKEN-BASED YOUR SERVER AUTHENTICATION WITH to Use Your Gmail Account TIPS FOR YubiKey 4 DEVELOPERS to Prevent Compromise at the Source + Build Your Own Tiny Internet HOW TO Install Qubes and Navigate the Desktop LJ265-May2016.indd 1 4/20/16 8:28 PM NEW! Linux on NEW! SSH: a Power Modern Author: Lock for Practical books Ted Schmidt Your Server? Sponsor: Author: HelpSystems Federico Kereki for the most technical Sponsor: people on the planet. Fox Technologies Self-Audit: Agile Checking Product Assumptions Development at the Door Author: GEEK GUIDES Author: Ted Schmidt Greg Bledsoe Sponsor: IBM Sponsor: HelpSystems Improve Finding Your Business Way: Mapping Processes with Your Network an Enterprise to Improve Job Scheduler Manageability Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: Skybot InterMapper Download books for free with a DIY Combating simple one-time registration. Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: http://geekguide.linuxjournal.com Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs LJ265-May2016.indd 2 4/20/16 8:28 PM NEW! Linux on NEW! SSH: a Power Modern Author: Lock for Practical books Ted Schmidt Your Server? Sponsor: Author: HelpSystems Federico Kereki for the most technical Sponsor: people on the planet. Fox Technologies Self-Audit: Agile Checking Product Assumptions Development at the Door Author: GEEK GUIDES Author: Ted Schmidt Greg Bledsoe Sponsor: IBM Sponsor: HelpSystems Improve Finding Your Business Way: Mapping Processes with Your Network an Enterprise to Improve Job Scheduler Manageability Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: Skybot InterMapper Download books for free with a DIY Combating simple one-time registration.
    [Show full text]
  • Institutionen För Datavetenskap Department of Computer and Information Science
    Institutionen för datavetenskap Department of Computer and Information Science Final thesis Securing Credentials on Untrusted Clients by Johannes Hassmund LIU-IDA/LITH-EX-A--10/003--SE 2010-01-21 Linköpings universitet Linköpings universitet SE-581 83 Linköping, Sweden 581 83 Linköping Linköping University Department of Computer and Information Science Final Thesis Securing Credentials on Untrusted Clients by Johannes Hassmund LIU-IDA/LITH-EX-A--10/003--SE 2010-01-21 Supervisor: Nahid Shahmehri Examiner: Nahid Shahmehri Abstract IT systems rely on correct authentication of their users in order to provide confidentiality and integr‐ ity of data. When accessing systems remotely, for instance over the Internet, no assumptions can be made regarding the level of security on the computer used. Such computers may be exposed to malware, keyloggers and other threats and must therefore generally be considered as untrusted. To increase security when users connect remotely from untrusted clients various authentication mechanisms can be used. Usability must however be considered when deploying new mechanisms. Protection must also be balanced to the load put on users. This thesis gives a presentation of common authentication mechanisms available and enumerates the main attack vectors threatening correct authentication and credentials. Furthermore a ranking method is proposed in order to evaluate authentication mechanisms in relation to each other. Using the outcome of the ranking of existing methods an authentication system called Smokey (Synchronizable Mobile Key) is proposed and implemented. Smokey uses Java capable cell phones as hardware tokens generating short time valid one time passwords. Whereas traditional tokens may cease to work under certain circumstances Smokey provides users the ability to synchronize with the authentication server aiming for high usability.
    [Show full text]
  • Guessing Human-Chosen Secrets
    UCAM-CL-TR-819 Technical Report ISSN 1476-2986 Number 819 Computer Laboratory Guessing human-chosen secrets Joseph Bonneau May 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Joseph Bonneau This technical report is based on a dissertation submitted May 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Churchill College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Summary Authenticating humans to computers remains a notable weak point in computer security despite decades of effort. Although the security research community has explored dozens of proposals for replacing or strengthening passwords, they appear likely to remain entrenched as the standard mechanism of human-computer authentication on the Internet for years to come. Even in the optimistic scenario of eliminating passwords from most of today's authentication protocols using trusted hardware devices or trusted servers to perform federated authenti- cation, passwords will persist as a means of \last-mile" authentication between humans and these trusted single sign-on deputies. This dissertation studies the difficulty of guessing human-chosen secrets, introducing a sound mathematical framework modeling human choice as a skewed probability distribution. We introduce a new metric, α-guesswork, which can accurately models the resistance of a dis- tribution against all possible guessing attacks. We also study the statistical challenges of estimating this metric using empirical data sets which can be modeled as a large random sample from the underlying probability distribution.
    [Show full text]
  • Guessing Human-Chosen Secrets
    Guessing human-chosen secrets Joseph Bonneau University of Cambridge Churchill College April 2012 This dissertation is submitted for the degree of Doctor of Philosophy Declaration This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration except where specifically indicated in the text. No parts of this dissertation have been submitted for any other qualification. This dissertation does not exceed the regulation length of 60; 000 words, including tables and footnotes. In memory of Fletcher (1998-2012). I wish you were around to see this dissertation and fall asleep on it. |Joseph Bonneau, April 2012 Acknowledgements I am grateful to my supervisor Ross Anderson for help every step of the way, from answering my emails when I was a foreign undergraduate to pushing me to finally finish the dissertation. He imparted countless research and life skills along the way, in addition to helping me learn to write in English all over again. I was also fortunate to be surrounded in Cambridge by a core group of \security people" under Ross' leadership willing to ask the sceptical questions needed to understand the field. In particular, I've benefited from the mentorship of Frank Stajano and Markus Kuhn, the other leaders of the group, as well as informal mentorship from Richard Clayton, Bruce Christianson, Mike Bond, George Danezis, Claudia Diaz, Robert Watson and Steven Murdoch amongst many others. I thank Arvind Narayanan for his support and mentorship from afar. I am most appreciative of the personal mentorship extended to me by Saar Drimer through my years in the lab, which always pushed me to be more honest about my own work.
    [Show full text]
  • Lista.Txt Thu Jan 01 10:19:02 2015 1 0Ad-Data 2Ping 2Vcard 389
    lista.txt Thu Jan 01 10:19:02 2015 1 0ad-data 2ping 2vcard 389-console 3dchess 3depict 4digits 4g8 4store 6tunnel 7kaa-data 8086tiny 8086tiny-dev 9base 9menu 9wm a2jmidid a2ps a56 a7xpg a7xpg-data aa3d aajm aaphoto abacas abby abcde abcm2ps abcmidi abcmidi-yaps abe abe-data abgate abi-compliance-checker abicheck abinit abinit-doc abiword abiword-common abiword-dbg abiword-plugin-grammar abiword-plugin-mathview abntex abook abootimg abr2gbr abraca abs-guide abtransfers abuse abuse-lib abuse-sfx accerciser accessodf accountsservice acct ace-gperf ace-netsvcs ace-of-penguins acedb-other acedb-other-belvu acedb-other-dotter aces3 acetoneiso acfax lista.txt Thu Jan 01 10:19:02 2015 2 acgvision-agent acheck acheck-rules acheck-rules-fr achilles ack ack-grep acl acl2 acl2-books acl2-books-certs acl2-books-source acl2-doc acl2-emacs acl2-infix acl2-infix-source acl2-source aclock.app acm aconnectgui acorn-fdisk acoustid-fingerprinter acpi-support acpi-support-base acpid acpitool acpitool-dbg actionaz activemq activity-log-manager activiz.net-doc activiz.net-examples ada-reference-manual-2005 ada-reference-manual-2012 adabrowse adacgi1 adacontrol adanaxisgpl adanaxisgpl-data addresses-goodies-for-gnustep addresses.framework addressmanager.app addressview.framework adduser adept adjtimex adlint admesh adminer adns-tools adonthell-data adplay adplug-utils adun.app advancecomp advene advi advi-examples adzapper aegis aegis-doc aegis-tk aegis-web aegisub aegisub-l10n lista.txt Thu Jan 01 10:19:02 2015 3 aeolus aephea aes2501-wy aesfix aeskeyfind aeskulap
    [Show full text]
  • Securing Debian Manual
    Securing Debian Manual Javier Fernández-Sanguino Peña <[email protected]> ‘Auteurs’ de la présente page Version : 3.16, construite le Sun, 08 Apr 2012 02 :48 :09 +0000 Résumé Ce document décrit la sécurité dans le projet Debian ainsi que dans le système d’exploitation Debian. Il commence par la sécurisation et le renforcement de l’installation standard d’une distribution Debian GNU/Linux. Il couvre quelques tâches courantes telles que la sécurisation d’un réseau utilisant Debian GNU/Linux et il donne également des informations complémentaires sur les outils de sécurisation disponibles ainsi que sur le travail accompli au sein du projet Debian par l’équipe en charge de la sécurité et par l’équipe d’audit. Copyright Copyright © 2002-2013 Javier Fernández-Sanguino Peña Copyright © 2001 Alexander Reelsen, Javier Fernández-Sanguino Peña Copyright © 2000 Alexander Reelsen Some sections are copyright © their respective authors, for details please refer to ‘Remerciements’ page 19. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 (http://www.gnu.org/copyleft/gpl.html) or any later version (http://www.gnu.org/copyleft/ gpl.html) published by the Free Software Foundation. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
    [Show full text]
  • Technical and Market Failures in Human Authentication on the Web
    The password thicket: technical and market failures in human authentication on the web Joseph Bonneau Sören Preibusch Computer Laboratory Computer Laboratory University of Cambridge University of Cambridge [email protected] [email protected] Abstract We report the results of the first large-scale empirical analysis of password implementations deployed on the Internet. Our study included 150 websites which offer free user accounts for a variety of purposes, including the most popular destinations on the web and a random sample of e-commerce, news, and communication websites. Although all sites evaluated relied on user-chosen textual passwords for authentication, we found many subtle but important technical variations in im- plementation with important security implications. Many poor practices were commonplace, such as a lack of encryption to protect transmitted passwords, storage of cleartext passwords in server databases, and little protection of passwords from brute force attacks. While a spectrum of imple- mentation quality exists with a general co-occurrence of more-secure and less-secure implementa- tion choices, we find a surprising number of inconsistent choices within individual sites, suggesting that the lack of a standards is harming security. We observe numerous ways in which the technical failures of lower-security sites can compromise higher-security sites due to the well-established ten- dency of users to re-use passwords. Our data confirms that the worst security practices are indeed found at sites with few security incentives, such as newspaper websites, while sites storing more sensitive information such as payment details or user communication implement more password se- curity.
    [Show full text]
  • The Quest to Replace Passwords: a Framework for Comparative Evaluation of Web Authentication Schemes
    UCAM-CL-TR-817 Technical Report ISSN 1476-2986 Number 817 Computer Laboratory The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano March 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 3 The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes ∗ [FULL LENGTH TECHNICAL REPORT] Joseph Bonneau University of Cambridge Cambridge, UK [email protected] Cormac Herley Microsoft Research Redmond, WA, USA [email protected] Paul C. van Oorschot Carleton University Ottawa, ON, Canada [email protected] Frank Stajanoy University of Cambridge Cambridge, UK [email protected] Abstract—We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide.
    [Show full text]