The student news site of Pleasant Valley High School

Spartan Shield

The student news site of Pleasant Valley High School

Spartan Shield

The student news site of Pleasant Valley High School

Spartan Shield

Password obsolescence for online authentication

Password+managers+are+often+used+to+store+multiple+login+credentials%2C+proving+the+inefficiency+of+passwords
LastPass via Wikipedia Commons
Password managers are often used to store multiple login credentials, proving the inefficiency of passwords

The cybersecurity industry has grown the last two decades not just because of the surge of online attacks, but because of the rapid innovation of technology. To combat the newer changes, programmers need to design architectures that can protect from these prospective, stronger attacks.

One of the biggest risks on the internet right now are password authentications. For almost any application, users prove ownership to their data with password protections. This system becomes flawed when accounting for the ease in password cracking today, people’s forgetfulness and the complexity on the company’s end for storing them.

Senior Emily Hoskins explained how they maintain the various passwords she has. “I basically write my passwords down and reuse a lot of them. Probably not the most secure method but makes sure I don’t forget the password to something important,” she said.

Some common solutions are slowly starting to emerge to replace these issues. For consumers, two-factor authentication has become the largest addition. The enterprise side on the other hand has quickly moved to token-based authentication. These tokens are task and user specific to ensure that each person connecting to the application is only using the services they are allowed to have.

This may work in an enterprise setting, but consumers want to be administrators of their own data. So what would be another way to authenticate a user without having them keep track of a string?

Keys.

Private/public keys are an authentication system commonly used between devices but can also be used between a server and client.

The premise behind this system is that every application (Twitter, Instagram, YouTube, Gmail and others) knows one’s public key and will send them an encrypted message using that public key. Users respond back with the decrypted message using their private key to prove that the encrypted message was intended for them.

Senior Alex Blackwell showed how well this encryption system is working in other applications. “Actually, key-based encryption already exists on many websites. The actual code for login pages hashes someone’s password before storing it. Hashing basically turns your password into a random string of characters so that when someone who didn’t login looks at it, it’s worthless. When you login though, you are solving the hash back into the original password to authenticate,” he said.

This newer system is much more user-friendly for consumers since there is not any memorization on their end. The private/public keys are generated as a pair so that any message encrypted by one can be decrypted by the other. They are also reusable for any application making them storable on device basis.

The Fast IDentity Online (FIDO) alliance (Apple, Google and Microsoft) have begun to expand this newer standard for authentication. Passwords are still a very prevalent standard that many will be uncomfortable moving away from. Even though current technologies are well rooted in the internet, moving forward to new standards has always been a fundamental notion in cybersecurity.

View Comments (1)
Donate to Spartan Shield
$480
$1000
Contributed
Our Goal

Your donation will support the student journalists of Pleasant Valley High School in Bettendorf, Iowa. Your contribution will allow us to purchase needed equipment and cover our annual website hosting costs.

More to Discover
About the Contributor
Vishnu Challa, Site Manager
Vishnu Challa is a senior at Pleasant Valley High School and is the Site Manager of the Spartan Shield. He plays clarinet in band and enjoys challenging himself in courses such as AP Physics 2. Outside of school, he applies his technical knowledge as the Programming Team Lead for the robotics team the Winter Soldiers. They have competed at the FIRST Tech Challenge (FTC) World Championship twice, and he uses his three years of experience to recruit new members to ensure the continuation of the team. Vishnu also tutors math and English at Best Brains Learning Center. His career goal is to become a Control Systems Engineer at NASA, and to achieve this, he hopes to study computer science at the University of Illinois Urbana-Champaign. With his diverse selection of activities and hard-working, independent personality, one can say that he is well on his way to realizing that dream.
Donate to Spartan Shield
$480
$1000
Contributed
Our Goal

Comments (1)

All Spartan Shield Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *

  • C

    Caroline PSep 2, 2022 at 12:03 pm

    Password security is incredibly important, like it said in the article, it’s the fast pace of technology changing which makes it hard to keep up with its changes. Having a secure and trusted program to protect your password is needed more than ever. For example, Apple’s iCloud keychain is used and claimed to have security but only when there are constant updates made. Recently there have been problems with Apple which shows how good it is to have an alternative for password safety.

    Reply
Activate Search
Password obsolescence for online authentication