Credential Security
A password is a secret keyword that a user enters to access a service or information.
Credential management on the individual user's side is a big task for anyone, since the keyword has to be remembered exactly, in its case-sensitive form, and across multiple services whose password policies enforce complexity, password aging and reuse limitations.
On the security vulnerability side, even a highly complex password is just a key combination from an ordinary keyboard, which anyone can generate at any time, or recover through a dictionary attack.
The burden of complex passwords has made users fall into the habit of following password patterns and reusing a password in other services whenever it expires in one service. Each of these situations is very helpful to bad actors attempting an intrusion.
To secure access to any service or information on the scale of a zero-trust policy, additional authentication factors are attached to the same password: extra information the user enters to validate, or support, the credentials given to the authentication mechanism. This is known as Multi-Factor Authentication, or MFA.
First Factor:
Additional (Multi) Factors:
Tokens are time-based passwords generated from an enrolled device (hardware or application) for each user, or a code sent to a registered mobile telephone number or email address. The time-based password, or OTP, justifies the entered first factor (the password) to the authentication system by confirming that it comes from the intended user who is trying to validate their credentials. However, OTPs shared in real time through SMS and email are also considered a weak factor, since they can be distributed to multiple places by an email forwarding rule or by cloned SMS/text applications on smartphones.
Certificate-Based Authentication (CBA) and USB tokens (FIDO keys) are more secure than SMS- and email-based second factors; however, CBA and FIDO keys (USB and NFC interface types) depend on the host machine's hardware interfaces for the authentication workflow to work properly.
The concept of password-less accounts is also gaining popularity, relying entirely on the additional factors named above, such as OTPs, certificates and security keys (USB or NFC).
All the credential security parameters mentioned above focus on the user side; on the application interface side, credential security can also be planned by permitting user logins only from trusted devices, such as those with a Trusted Platform Module (TPM) or those enrolled in MDM.
“Security comes with the cost of compromise in comfort”.