Various types of authentication methods are available today. They range from the simple username and password databases to stronger implementation of token cards and one-time passwords (OTPs). Table 6-2 lists the authentication methods, from the strongest and most complex methods to the weakest and simple methods.

Token cards and soft tokens

Token cards are small electronic devices. A personal identification number (PIN) is given to users. The user authenticates with a combination of the token card and the PIN.


OTP systems are based on a secret pass-phrase that generates passwords. These are only good for one-time use, and thus guard against eavesdrop ping attacks, playback attacks, and password attacks.

Username and passwords (with expiration date)

The user must change the password because it expires (usually every 30 to 60 days). Static username and password database

The password is the same unless changed by the system administrator. Vulnerable to passwordcracking programs and other password attacks.

No username and password

This is usually an open invitation to attackers who discover the access method to gain access to the network system.

0 0

Post a comment