Password-based authentication weaknesses

Summary :

Brute force or dictionary attacks :

Not every word makes a good password. End users generally choose passwords that are easy to remember, and those are usually derived from real-language words. Easy to remember also means easy to guess: freely available cracking tools let an adversary try the most likely password values very efficiently, starting with dictionary words and their common variations. By providing a secure central authentication system, GateKeeper reduces the number of passwords a user is expected to remember, which makes it practical to use a single strong, random password.

In addition, KerPass delivers a multi-key OATH one-time password token that is fully compatible with GateKeeper authentication. A one-time password is valid for a single use only, so, provided the server also limits the number of failed attempts, it can be made extremely resistant to brute-force attacks.

Spyware attacks :

Keyloggers can be embedded in web pages to record user secrets, or a virus living on the user's machine may do much the same. By default, in an effort to make the web easier to use, web browsers extensively record the data that end users type over and over, including their logins, passwords and credit card numbers. This certainly helps ease of use, but it puts that sensitive data within reach of a potentially dishonest neighbour in your work environment or favourite Internet café.

Spyware protection is partially achieved by installing a good anti-virus on the client machine. The GateKeeper client bar may eventually have built-in keylogger protection. For the time being, a keylogger can be neutralized by using one-time passwords instead of static passwords: a one-time password that has been captured cannot be reused once it has been consumed, so the attacker learns nothing of lasting value.
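The following is an added example written for this page (not KerPass or GateKeeper code) showing why a one-time password resists both the brute-force scenario and the keylogger scenario above. It implements RFC 4226 HOTP, the OATH event-based one-time password, together with a hypothetical server-side validator, HotpValidator, that consumes each counter value so a captured code cannot be replayed and throttles guessing so a 6-digit code cannot be searched online. The secret is the RFC 4226 Appendix D test key so the codes can be checked against the RFC's table; the look-ahead window and lockout threshold are illustrative assumptions.

```python
import hashlib
import hmac
import struct

# RFC 4226, Appendix D test secret: the ASCII bytes "12345678901234567890".
# Used here only so the generated codes can be checked against the RFC's table.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit value, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HotpValidator:
    """Server side of one enrolled token (hypothetical class for this page, not
    GateKeeper/KerPass code). It keeps the next expected counter, accepts a small
    look-ahead window for button presses that never reached the server
    (RFC 4226 s.7.4), and locks after a fixed number of consecutive failures
    (throttling, RFC 4226 s.7.3)."""

    def __init__(self, secret: bytes, window: int = 3, max_failures: int = 5):
        self.secret = secret
        self.counter = 0           # next counter value the server expects
        self.window = window
        self.failures = 0
        self.max_failures = max_failures
        self.locked = False

    def verify(self, candidate: str) -> bool:
        if self.locked:
            return False
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), candidate):
                # Consume this counter: the same code, or any earlier one a
                # keylogger captured, is never accepted again.
                self.counter = c + 1
                self.failures = 0
                return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return False


def replay_is_rejected(secret: bytes = TEST_SECRET) -> bool:
    """A code captured at login is single-use: presenting it a second time fails."""
    validator = HotpValidator(secret)
    code = hotp(secret, 0)
    return validator.verify(code) and not validator.verify(code)


def guesses_before_lockout(secret: bytes = TEST_SECRET, max_failures: int = 5) -> int:
    """Online brute force: count how many wrong guesses the server actually
    processes before it locks, however many more the attacker sends."""
    validator = HotpValidator(secret, max_failures=max_failures)
    right = hotp(secret, 0)
    processed = 0
    for guess in range(10 ** 6):
        candidate = str(guess).zfill(6)
        if candidate == right:
            continue           # keep this a pure run of wrong guesses
        if validator.locked:
            break
        validator.verify(candidate)
        processed += 1
    return processed


def success_probability(digits: int = 6, window: int = 3, max_failures: int = 5) -> float:
    """Upper bound on a guesser's chance with throttling (RFC 4226 s.7.3):
    attempts * window / 10^digits."""
    return max_failures * window / 10 ** digits
```

With a 6-digit code, a look-ahead window of 3 and lockout after 5 failures, the attacker's chance per account is at most 15 in a million, and the throttling, not the code length, is what makes that bound hold; without it a 6-digit code is a million-entry dictionary.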

MITM attacks :

GateKeeper uses the well-known SRP protocol (Secure Remote Password) for authentication between the end user's browser and the authentication portal. With SRP, the end user's password never leaves the browser: the server stores only a salt and a password verifier, and the two sides prove knowledge of the password by independently deriving a shared session key from a Diffie-Hellman-style exchange. An attacker sitting in between who does not know the password can neither impersonate the portal nor recover the password or the session key from the exchanged messages, which is what defeats a classic MITM attack on the login. This protects the authentication exchange itself; it does not help a user who types the password into a look-alike phishing page instead of the real portal.
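To make the SRP property concrete, here is an added worked example (written for this page, not GateKeeper's implementation) of an SRP-6a login in Python with both the client and the server side: enrolment sends only a salt and a verifier, the login exchanges A and B, and each side independently derives the session key K and the proof M1. The hash choice (SHA-256), the simplified proof M1 = H(A | B | K), the 1024-bit group from RFC 5054 and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# 1024-bit SRP group from RFC 5054, Appendix A, transcribed here; g = 2.
# group_is_safe() below re-checks that N is a safe prime, so a transcription
# error would be caught instead of silently weakening the exchange.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8   # 128 bytes; group elements are padded to this


def pad(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenation, read as a big integer (assumed hash)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(pad(N), pad(g))   # SRP-6a multiplier k = H(N | PAD(g))


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases; enough for checking a fixed group."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + int.from_bytes(os.urandom(NLEN), "big") % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_safe() -> bool:
    """SRP's security argument needs N = 2q + 1 with both N and q prime."""
    return is_probable_prime(N) and is_probable_prime((N - 1) // 2)


def derive_x(salt: bytes, username: str, password: str) -> int:
    """x = H(s | H(I ":" P)); only ever computed on the client."""
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)


def enrol(username: str, password: str):
    """Registration: the client sends (salt, v = g^x); the server stores only that."""
    salt = os.urandom(16)
    return salt, pow(g, derive_x(salt, username, password), N)


def client_start():
    a = int.from_bytes(os.urandom(32), "big")
    return a, pow(g, a, N)                      # (a, A); A goes to the server


def server_start(v: int):
    b = int.from_bytes(os.urandom(32), "big")
    return b, (k * v + pow(g, b, N)) % N        # (b, B); B goes to the client


def client_finish(username, password, salt, a, A, B):
    if B % N == 0:
        raise ValueError("server sent B = 0 mod N")   # mandatory abort in SRP-6a
    u = H(pad(A), pad(B))
    if u == 0:
        raise ValueError("u = 0")
    x = derive_x(salt, username, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K = hashlib.sha256(pad(S)).digest()
    return K, hashlib.sha256(pad(A) + pad(B) + K).digest()   # (K, M1)


def server_finish(v, b, A, B):
    if A % N == 0:
        raise ValueError("client sent A = 0 mod N")   # mandatory abort in SRP-6a
    u = H(pad(A), pad(B))
    S = pow(A * pow(v, u, N), b, N)
    K = hashlib.sha256(pad(S)).digest()
    return K, hashlib.sha256(pad(A) + pad(B) + K).digest()   # (K, expected M1)


def run_exchange(username, enrolled_pw, typed_pw) -> bool:
    """Full round trip; True iff the server accepts the client's proof M1."""
    salt, v = enrol(username, enrolled_pw)                     # held by the server
    a, A = client_start()                                      # client -> server: I, A
    b, B = server_start(v)                                     # server -> client: s, B
    _, M1 = client_finish(username, typed_pw, salt, a, A, B)   # client -> server: M1
    _, expected = server_finish(v, b, A, B)
    return hmac.compare_digest(M1, expected)
```

With the enrolled password, run_exchange returns True; with any other password the two sides compute different values of S, hence different K, and the server rejects M1. Everything that crosses the wire (salt, A, B, M1) is useless to an eavesdropper who does not know the password, and a compromise of the server's database yields only v, which still has to be attacked offline through the salted hash.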