Forget passwords, tricky sums are more secure

Classic user identification requires the remote user sending a username and a password to the system to which they want to be authenticated. The system looks up the username in its locally stored database and if the password submitted matches the stored password, then access is granted. This method for identification works under the assumption there exist no malicious users and that their local terminals cannot be infected by malware. (…)

Nikolaos Bardis of the University of Military Education, in Vari, Greece and colleagues there and at the Polytechnic Institute of Kiev, in Ukraine, have developed an innovative approach to logins, which implements the advanced concept of zero knowledge identification.

Zero knowledge user identification solves these issues by using passwords that change for every session and are not known to the system beforehand. The system can only check their validity.

{ ScienceText | Continue reading }

mathematics, spy & security, technology | April 12th, 2011