Having summarized the many and sometimes conflicting requirements that an access management system must address, we now consider a number of actual schemes currently in use or under consideration and analyze how well they meet these requirements. It's important to recognize that in solving real-world problems more ...

Authentication strength is a somewhat subjective question. For many of the approaches that we will discuss, strength comes from the details of cryptographic algorithms and key lengths used; but part lies also in overall system design and implementation and in the realities of user behavior, and this can ...

The basic cross-organizational access management problem is exemplified by most licensing agreements for networked information resources today; it also arises in situations where institutions agree to share limited-access resources with other institutions as part of consortia or other resource sharing collaborations. In such an agreement, an institution -- ...

Authentication is the process of determining the identity of a user. In the context of the Java runtime environment, it is the process of identifying the user of an executing Java program. In certain cases, this process may rely on the services described in the "Cryptography" section (Section 4). The Java ...

SecurityFocus has a great article on Windows password security. Among other things, it addresses the real implications of the weaknesses of LanMan and NTLMv2, and a way you can use that to your advantage: if a password is fifteen characters or longer, Windows does not even store the LanMan hash ...

A how-to on boarding early on Southwest… …Use any HTML editor to change the “B” or “C” graphic on your saved boarding pass to the “A” graphic that you saved. Not rocket science, but points out the inherent insecurity of boarding passes you print out yourself. I suspect it’s similarly ...

Counter to what the movies might say, hacking grades is not just cheating it’s a crime: An investigation showed the professor’s network account had been accessed without her permission and grades were assigned to nearly 300 students, prosecutor Robert Fratianne said. I bet they just guessed her password but still, there’s ...