Monday, November 12, 2007

Perfect Paper Passwords - Two-Factor Authentication for the Masses

Usernames and passwords have long been established as the de facto form of authentication for websites and other systems. They provide a convenient system for authenticating and identifying users. However, they are also highly vulnerable to dictionary attacks, weak passwords, key-loggers etc. Recently, two-factor authentication has been suggested as providing a much stronger approach. In addition to 'Something You Know', such as a password, you also provide 'Something You Have', such as a security token. Verisign and RSA Security offer such products that produce a time-synchronized sequence of digits that change at regular intervals. Systems that incorporate these security token mechanisms, accept the sequence of digits in addition to a password during authentication.

Steve Gibson from GRC recently released a similar system based on passcodes. The Perfect Paper Passwords system produces a set of one-time passcodes. The passcodes are created using a 256-bit Sequence Key passed through a Rijndael/AES Cipher. The passcodes are then grouped into credit card sized passcards across 7 columns and 10 rows. During authentication, the system would prompt the user to enter the passcode at a particular column-row location (e.g. A3, D8 etc.). Since the passcards can be printed on paper it is an inexpensive, simple and highly-effective method of providing two-factor authentication.

The system has been released freely for public use and there are a number of language specific implementations already in place. Based on the sheer number of possible combinations, the PPP system is 16.77 times more secure than the token based systems by Verisign and RSA Security!

Friday, November 02, 2007

Quick Access in Eclipse

Any software developer using an IDE begins to truly appreciate keyboard shortcut keys to make the coding process more seamless. Eclipse has a rich set of keyboard shortcuts for almost every task and view. Ctrl+Shift+L produces a list of all available keyboard shortcuts. Remembering these key combinations for regular tasks is fairly simple, however we often recollect the task to be performed or the view to be opened without knowing the keys to be pressed.

Eclipse 3.3 M7 introduced a new feature called Quick Access (Ctrl+3). With Quick Access, UI elements such as commands, views, wizards, preference pages etc. can be quickly listed and filtered through. Ctrl+3 or Window -> Navigation -> Quick Access from the menu brings up the Quick Access dialog. On typing in the filter field, the list dynamically filters to display relevant matches. Using the arrow keys, the desired option can be selected and executed.

The next time Quick Access is opened, previous choices made will be remembered and initially displayed. Further, the filter automatically lists previous choices made across different key sequences at the top. Quick Access has now become my Swiss Army Knife while using Eclipse for development.