Accession Number:

ADA464139

Title:

Beyond Passwords: Usage and Policy Transformation

Descriptive Note:

Master's thesis

Corporate Author:

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH

Personal Author(s):

Report Date:

2007-03-01

Pagination or Media Count:

147.0

Abstract:

The purpose of this research is to determine whether the transition to a two-factor authentication system is more secure than a system that relied only on what users know for authentication. While we found that factors that made passwords inherently vulnerable did not transfer to the PIN portion of a two-factor authentication system, we did find significant problems relating to usability, worker productivity, and the loss and theft of smart cards. The new authentication method has disrupted our ability to stay connected to ongoing mission issues, forced some installations to cut off remote access for their users and in one instance, caused a reserve unit to regress 10 years in their notification and recall procedures. The best-case scenario for lost productivity due to users leaving their CAC at work, in their computer, is costing 261 work years per year with an estimated cost of 10.4 million payroll dollars. Finally, the new authentication method is causing an increase in the loss or theft of CACs, our primary security mechanism for accessing DoD installations, at a rate of 28,222 a year. A single tool, such as the CAC, for all systems and services, carries much power, are we prepared for the responsibility

Subject Categories:

  • Computer Systems
  • Computer Systems Management and Standards
  • Economics and Cost Analysis

Distribution Statement:

APPROVED FOR PUBLIC RELEASE