Password Management
systems rely on passwords only. These techniques do provide some measure
of protection against the casual browsing of information, but they rarely
stop a determined criminal. A computer password is much like a key to a
computer. Allowing several people to use the same password is like allowing
everyone to use the same key. More sophisticated systems today use
SmartCards and/or biometric evaluation techniques in combination with
password usage to increase the difficulty of circumventing password
protections. A password-only scheme rests on something you know, and that
knowledge can be compromised by anyone who gains unauthorized access to
the password. A system built on something you "know" (e.g., a password)
combined with something you possess (e.g., a SmartCard) is a much stronger
system. The combination of knowing and possessing, combined with being
(biometrics), provides an even stronger layer of protection. When all three
elements are required, a password obtained by someone else is useless
without the card and the right biometrics (fingerprint, retinal scan, etc.).
SmartCards
In general, there are two categories of SmartCards. The first is a magnetic
strip card and the second is a ChipCard. As its name suggests, the magnetic
strip card has a magnetic strip containing some encoded confidential
information destined to be used in combination with the cardholder's
personal code or password. The ChipCard uses a built-in microchip instead
of a magnetic strip. The simplest type of ChipCard contains a memory chip
with information, but it has no processing capability. The more effective
type of ChipCard contains a microchip with both memory to store some
information and a processor to process it; hence, the term SmartCard. Such
cards are often used in combination with cryptographic techniques to
provide even stronger protection.
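
The following is an added illustration, not part of the original text, of why a card with a processor is stronger than a memory-only card: the card answers a fresh challenge with a keyed hash instead of handing over its stored secret, and only after the holder's PIN is verified on the card. The HMAC-SHA256 scheme, the three-try lockout, and the names ProcessorCard and Verifier are assumptions made for the example.

```python
# Added illustration: the challenge-response scheme is assumed, not from the text.
import hashlib
import hmac
import secrets


class ProcessorCard:
    """Toy ChipCard with memory and a processor; the key never leaves it."""

    def __init__(self, key: bytes, pin: str, max_tries: int = 3):
        self._key = key
        self._pin = pin.encode()
        self._max_tries = max_tries
        self._tries_left = max_tries

    def respond(self, pin: str, challenge: bytes):
        """Return HMAC-SHA256(key, challenge) if the PIN matches, else None."""
        if self._tries_left == 0:
            return None                      # card is locked
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1            # count the failed attempt
            return None
        self._tries_left = self._max_tries   # success resets the counter
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """Host side: issues one-time challenges and checks the card's answer."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge: bytes, response) -> bool:
        if challenge not in self._outstanding:
            return False                     # unknown or already used (replay)
        self._outstanding.discard(challenge)
        if response is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

A response recorded from one login is rejected on the next because each challenge is accepted once, whereas the static data on a magnetic strip or memory-only card can be copied and presented again.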
Biometric Systems
Biometric systems use specific personal characteristics (biometrics) of an
individual (e.g., a fingerprint, a voiceprint, keystroke characteristics, or the
pattern of the retina). Biometric systems are still considered an expensive
solution for the most part, and as a result of the cost, they are not yet in
common use today. However, even these sophisticated techniques are not
infallible. The adage that if someone wants it badly enough, they will find
a way to break in and take it still holds true.