Passwords & Authentication (CIE IGCSE ICT)

Revision Note

Becci Peters

Expertise

Computer Science

Passwords

  • Passwords are a common form of security and are often accompanied by a username or email address
  • This type of security is often seen when accessing online banking, virtual learning environments, email accounts and many more
  • There are many ways to enhance the security of your password such as the following:
    • Ensure that the password is changed regularly in case it has been obtained illegally or accidentally
    • Ensure that the password uses a combination of uppercase, lowercase, numbers and symbols to make the password more difficult to guess
    • iloveict is a weak password
    • 1lov3ICT# is a strong password
  • Passwords should not contain personal information related to you such as your date of birth, your name or the name of your pet
  • Anti-spyware software can be run regularly to ensure that your information, including your password, is not being passed to an unauthorised third party

Authentication

  • There are also other forms of authentication aside from passwords that utilise what is known as “zero login”
  • This aims at removing or reducing the need for the user to manually input their details and instead relies on the system to verify the user's credentials automatically
  • One such type is known as biometrics where the user's fingerprints or facial features are scanned to provide unique biometric information to authenticate the user's details.
  • Newer methods of zero login types of authentication include the use of networks, location, device data and human behavioural patterns to recognise users automatically.
  • Although these methods offer many advantages there are some concerns that need to be taken into consideration. They include:
    • What personal data is being collected?
    • Is the collected data being kept securely?
    • Will it log in and out at the correct times?

Magnetic Stripe Cards

  • Magnetic stripe cards are a form of card that stores the user’s data on a magnetic stripe, usually on the reverse side
  • The user scans the card through a reader where the details stored on the card are compared to the details stored within the system. If the data from the card matches the data that is stored on the system, the user is authenticated and granted access
  • The advantages of using magnetic stripe cards include:
    • Widely used and accepted
    • Cheap
    • Simple to use
    • A single card can serve multiple purposes within an organisation such as doors, purchasing food from canteens and accessing IT equipment
  • Disadvantages to magnetic stripe cards include:
    • Some cards use a holographic or photographic ID to detect forged or stolen copies
    • The card may need to be scanned multiple times before the user is accepted and authenticated
    • Cards can become damaged or wear out over time (especially with constant use)
    • Cards can be easily cloned

Smart Cards

  • Smart Cards are cards that contain a chip and can be used contactlessly
  • The card does not need to be inserted or swiped through a machine and can be detected from a short distance away
  • Personal identification information can be stored on the card such as name, address, date of birth and/or banking information
  • The information on the card is encrypted which means it can only be read by authorised devices
  • Often the card will require a personal identification number (PIN) which is needed to access the information, providing an additional layer of security
  • Advantages of smart cards include:
    • Durable
    • Used for a wide range of applications (Payments, Access Control, Storing personal data)
    • Enhanced security (Compared to standard cards)
  • Disadvantages of smart cards include:
    • Risk of loss
    • Initial Infrastructure requirements
    • More expensive compared to traditional cards

Physical Tokens

  • A Physical Token enables authentication with the use of a small physical device
  • To access a system that uses a physical token, a user will enter their username and password into the system, and then enter the security code generated by the token
  • The physical token can be directly connected to the device that the user is trying to access, or the physical token will generate a one time password (OTP) which is then entered into the system manually
  • To obtain a one time password (OTP) the user will enter their personal identification number (PIN) and any other authentication requirements into the physical token device. If all requirements are satisfied then an internal clock will be used to generate the one time password (OTP) which is displayed on its screen
  • To enhance security, the one time password (OTP) changes frequently and each code will only be valid for a short period of time (usually within 1 minute)
  • Advantages of physical tokens include:
    • Offline authentication
    • Portable
  • Disadvantages of physical tokens include:
    • Cost
    • Loss or theft of the physical token
    • Physical dependence

There are two typical types of physical token:

  • Disconnected physical token
    • When using a disconnected physical token, a separate device is used to generate the one time password (OTP) which the user will then enter into the system manually
  • Connected physical token
    • When using a connected physical token, the one time password (OTP) is generated and passed to the system automatically through a physical connection and does not require the user to enter the password manually


Electronic tokens

  • Electronic Tokens are a form of application software that is installed on a user's device (usually smartphone) to allow them to authenticate their details and allow them to access a secure website
  • A user must download and register the electronic token software app prior to accessing the secure website
  • As the website prompts for authentication, the user will open the app that will provide a one time passcode (OTP) which will be entered into an entry box on the website along with other forms of authentication such as a username and personal identification number (PIN)
  • Both the web server and the smartphone application have synchronised clocks which will generate identical numbers and should the authentication details match, the user will be granted access to the website 
  • The above explanation is just one method of authentication when using electronic tokens. Another method is as follows:
    • The website will prompt the user for their username and password
    • Upon successful credentials the website will generate a code
    • The code is then entered into the application software on the user's phone which will generate another code
    • The generated code from the application software is then entered into an entry box on the website
    • Should all authentication methods pass successfully, the user is granted access to the website
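
Added example (not part of the original revision note): a Python model of both electronic-token methods described above, the synchronised-clock code and the website-code-then-app-code exchange. It assumes the app and the website share a secret key set up at registration and uses the standard HOTP/TOTP calculation (RFC 4226 / RFC 6238), which the note does not name; all function names and the sample key are illustrative.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 60    # seconds each code stays valid (the note's "within 1 minute")
DIGITS = 6   # length of the code shown to the user

def _truncate(mac: bytes) -> str:
    # RFC 4226 dynamic truncation: take 4 bytes at an offset chosen by the MAC
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def time_code(secret: bytes, now: int) -> str:
    """Code shown by the token: HMAC of the current time-window number."""
    counter = struct.pack(">Q", now // STEP)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest())

def server_accepts(secret: bytes, submitted: str, server_now: int) -> bool:
    """Server recomputes the code from its own clock. It also tries the
    previous window so a token whose clock is slightly behind still works."""
    for t in (server_now, server_now - STEP):
        if t >= 0 and hmac.compare_digest(time_code(secret, t), submitted):
            return True
    return False

def new_challenge() -> str:
    """Second method: the website generates a random code for the user."""
    return f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"

def response_code(secret: bytes, challenge: str) -> str:
    """App turns the website's code into a reply only the key holder can make."""
    return _truncate(hmac.new(secret, challenge.encode(), hashlib.sha1).digest())

def server_checks_response(secret: bytes, challenge: str, reply: str) -> bool:
    # compare_digest avoids leaking how many leading digits matched
    return hmac.compare_digest(response_code(secret, challenge), reply)

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample key (RFC test key)
    code = time_code(secret, now=75)
    print(code, server_accepts(secret, code, server_now=80))   # same window
    print(server_accepts(secret, code, server_now=200))        # code expired
    ch = new_challenge()
    print(ch, server_checks_response(secret, ch, response_code(secret, ch)))
```

The same code is produced on both sides only while their clocks fall in the same (or adjacent) 60-second window, which is why an old code is rejected.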


Author: Becci Peters

Becci has been a passionate Computing teacher for over 9 years, teaching Computing across the UK helping to engage, interest and develop confidence in the subject at all levels. Working as a Head of Department and then as an educational consultant, Becci has advised schools in England, where her role was to support and coach teachers to improve Computing teaching for all. Becci is also a senior examiner for multiple exam boards covering GCSE & A-level. She has worked as a lecturer at a university, lecturing trainee teachers for Computing.