Date of Award
3-6-2007
Document Type
Thesis
Degree Name
Master of Science
Department
Department of Systems Engineering and Management
First Advisor
Dennis D. Strouble, PhD
Abstract
The purpose of this research is to determine whether the transition to a two-factor authentication system is more secure than a system that relied only on what users “know” for authentication. While we found that factors that made passwords inherently vulnerable did not transfer to the PIN portion of a two-factor authentication system, we did find significant problems relating to usability, worker productivity, and the loss and theft of smart cards. The new authentication method has disrupted our ability to stay connected to ongoing mission issues, forced some installations to cut off remote access for their users, and, in one instance, caused a reserve unit to regress 10 years in their notification and recall procedures. The best-case scenario for lost productivity due to users leaving their CAC at work, in their computer, is costing 261 work years per year with an estimated cost of 10.4 million payroll dollars. Finally, the new authentication method is causing an increase in the loss or theft of CACs, our primary security mechanism for accessing DoD installations, at a rate of 28,222 a year. A single tool, such as the CAC, for all systems and services carries much power; are we prepared for the responsibility?
AFIT Designator
AFIT-GIR-ENV-07-M1
DTIC Accession Number
ADA464139
Recommended Citation
Alsop, Alan S., "Beyond Passwords: Usage and Policy Transformation" (2007). Theses and Dissertations. 3037.
https://scholar.afit.edu/etd/3037
Included in
Information Security Commons, Other Operations Research, Systems Engineering and Industrial Engineering Commons