
Security token

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.


Security tokens can be used to store information such as passwords, cryptographic keys used to generate digital signatures, or biometric data (such as fingerprints). Some designs incorporate tamper-resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generation routine with some display capability to show a generated key number. Connected tokens utilize

A USB input device to function. Another combination is with a smart card to store locally larger amounts of identity data and process information as well. Another is a contactless BLE token that combines secure storage and tokenized release of fingerprint credentials. In the USB mode of operation sign-off requires care for the token while mechanically coupled to the USB plug. The advantage with

A computer. The tokens have a physical display; the authenticating user simply enters the displayed number to log in. Other tokens connect to the computer using wireless techniques, such as Bluetooth. These tokens transfer a key sequence to the local client or to a nearby access point. Alternatively, another form of token that has been widely available for many years is a mobile device which communicates using an out-of-band channel (like voice, SMS, or USSD). Still other tokens plug into

A cryptographic hash of the password. If an attacker gets access to the file of hashed passwords, guessing can be done offline, rapidly testing candidate passwords against the true password's hash value. In the example of a web-server, an online attacker can guess only at the rate at which the server will respond, while an off-line attacker (who gains access to the file) can guess at a rate limited only by

A hash chain, to generate a series of one-time passwords from a secret shared key. Each password is unique, even when previous passwords are known. The open-source OATH algorithm is standardized; other algorithms are covered by US patents. Each password is observably unpredictable and independent of previous ones, whereby an adversary would be unable to guess what the next password may be, even with knowledge of all previous passwords. Tokens can contain chips with functions varying from very simple to very complex, including multiple authentication methods. The simplest security tokens do not need any connection to

A keyboard or keypad. Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification. Connected tokens are tokens that must be physically connected to the computer with which the user is authenticating. Tokens in this category automatically transmit the authentication information to the client computer once

A polynomial, modulus, or an advanced hash function. Roger Needham invented the now-common approach of storing only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database,

A 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user has passwords for many purposes: logging into accounts, retrieving e-mail, accessing applications, databases, networks, web sites, and even reading

A LOGIN command that requested a user password. "After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy." In the early 1970s, Robert Morris developed a system of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974. A later version of his algorithm, known as crypt(3), used

A backup. The simplest vulnerability with any password container is theft or loss of the device. The chances of this happening, or happening unaware, can be reduced with physical security measures such as locks, electronic leash, or body sensor and alarm. Stolen tokens can be made useless by using two-factor authentication. Commonly, in order to authenticate, a personal identification number (PIN) must be entered along with

A board with fewer keys. Court reporters' stenotype machines use chorded keyboards to enable them to enter text much faster by typing a syllable with each stroke instead of one letter at a time. The fastest typists (as of 2007) use a stenograph, a kind of chorded keyboard used by most court reporters and closed-caption reporters. Some chorded keyboards are also made for use in situations where fewer keys are preferable, such as on devices that can be used with only one hand, and on small mobile devices that don't have room for larger keyboards. Chorded keyboards are less desirable in many cases because it usually takes practice and memorization of


A certain pattern, allowing only one beam per row of keys (most commonly horizontal beam). Alphabetical, numeric, and punctuation keys are used in the same fashion as a typewriter keyboard to enter their respective symbol into a word processing program, text editor, data spreadsheet, or other program. Many of these keys will produce different symbols when modifier keys or shift keys are pressed. The alphabetic characters become uppercase when

A challenge because of the sheer number of passwords users of computers and the internet are expected to maintain. One survey concluded that the average user has around 100 passwords. To manage the proliferation of passwords, some users employ the same password for multiple accounts, a dangerous practice since a data breach in one account could compromise the rest. Less risky alternatives include

A chorded keyboard, was invented by Douglas Engelbart. Other types of one-handed keyboards include the FrogPad, the Half-keyboard, and one-handed Dvorak keyboard layouts designed for one hand typing. While other keyboards generally associate one action with each key, chorded keyboards associate actions with combinations of key presses. Since there are many combinations available, chorded keyboards can effectively produce more actions on

A command line, window form or dialog box to operate its default function, which is typically to finish an "entry" and begin the desired process. In word processing applications, pressing the enter key ends a paragraph and starts a new one. Navigation keys or cursor keys include a variety of keys which move the cursor to different positions on the screen. Arrow keys are programmed to move the cursor in

A consistent theme to keep their passwords memorable. Because of these issues, there is some debate as to whether password aging is effective. Changing a password will not prevent abuse in most cases, since the abuse would often be immediately noticeable. However, if someone may have had access to the password through some means, such as sharing a computer or breaching a different site, changing

A cursor hovering above a menu. On some Samsung keyboards the cursor in the icon is not present, showing the menu only. This key was created at the same time as the Windows key. This key is normally used when the right mouse button is not present on the mouse. Some Windows public terminals do not have a Menu key on their keyboard to prevent users from right-clicking (however, in many Windows applications,

A few important accounts, such as bank accounts. Similar arguments were made by Forbes in not change passwords as often as many "experts" advise, due to the same limitations in human memory. Historically, many security experts asked people to memorize their passwords: "Never write down a password". More recently, many security experts such as Bruce Schneier recommend that people use passwords that are too complicated to memorize, write them down on paper, and keep them in

A game controller, and can be used as such, instead of laid out flat on top of a table surface. Typically handheld keyboards hold all the alphanumeric keys and symbols that a standard keyboard would have, yet only be accessed by pressing two sets of keys at once; one acting as a function key similar to a 'Shift' key that would allow for capital letters on a standard keyboard. Handheld keyboards allow

A larger construction such as in PBKDF2. The stored data—sometimes called the "password verifier" or the "password hash"—is often stored in Modular Crypt Format or RFC 2307 hash format, sometimes in the /etc/passwd file or the /etc/shadow file. The main storage methods for passwords are plain text, hashed, hashed and salted, and reversibly encrypted. If an attacker gains access to the password file, then if it

A laser, onto a flat surface. The device then uses a camera or infrared sensor to "watch" where the user's fingers move, and will count a key as being pressed when it "sees" the user's finger touch the projected image. Projection keyboards can simulate a full size keyboard from a very small projector. Because the "keys" are simply projected images, they cannot be felt when pressed. Users of projected keyboards often experience increased discomfort in their fingertips because of


A match, they know that their guess is the actual password for the associated user. Password cracking tools can operate by brute force (i.e. trying every possible combination of characters) or by hashing every word from a list; large lists of possible passwords in many languages are widely available on the Internet. The existence of password cracking tools allows attackers to easily recover poorly chosen passwords. In particular, attackers can quickly recover passwords that are short, dictionary words, simple variations on dictionary words, or that use easily guessable patterns. A modified version of

A modern computer, the interpretation of key presses is generally left to the software: the information sent to the computer, the scan code, tells it only which physical key (or keys) was pressed or released. In normal usage, the keyboard is used as a text entry interface for typing text, numbers, and symbols into application software such as a word processor, web browser or social media app. Touchscreens use virtual keyboards. Typewriters are

A numeric keypad, commonly those of laptop computers. These keys are collectively known as a numeric pad, numeric keys, or a numeric keypad, and it can consist of the following types of keys: Arithmetic operators, numbers, arrow keys, Navigation keys, Num Lock and Enter key. Multifunctional keyboards provide additional function beyond the standard keyboard. Many are programmable, configurable computer keyboards and some control multiple PCs, workstations and other information sources, usually in multi-screen work environments. Users have additional key functions as well as

A password follow. The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts, also known as throttling. In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords if they have been well chosen and are not easily guessed. Many systems store

A password system as a temporarily unique method of identification; one metallic click given by the device in lieu of a password was to be met by two clicks in reply. Passwords have been used with computers since the earliest days of computing. The Compatible Time-Sharing System (CTSS), an operating system introduced at MIT in 1961, was the first computer system to implement password login. CTSS had

A password, but a password and a counterpassword; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password—flash—which was presented as a challenge, and answered with the correct response—thunder. The challenge and response were changed every three days. American paratroopers also famously used a device known as a "cricket" on D-Day in place of

A physical connection is made, eliminating the need for the user to manually enter the authentication information. However, in order to use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens (also called security keys), which require a smart card reader and a USB port respectively. Increasingly, FIDO2 tokens, supported by

A popular choice for keyless entry systems and electronic payment solutions such as Mobil Speedpass, which uses RFID to transmit authentication info from a keychain token. However, there have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA Laboratories discovered that RFID tags could be easily cracked and cloned. Another downside

A precautionary measure. If a new password is passed to the system in unencrypted form, security can be lost (e.g., via wiretapping) before the new password can even be installed in the password database and if the new password is given to a compromised employee, little is gained. Some websites include the user-selected password in an unencrypted confirmation e-mail message, with the obvious increased vulnerability. Identity management systems are increasingly used to automate

A reduced set of keys. They may not have a numeric keypad, and the function keys may be placed in locations that differ from their placement on a standard, full-sized keyboard. The switch mechanism for a laptop keyboard is more likely to be a scissor switch than a rubber dome; this is opposite the trend for full-size keyboards. Flexible keyboards are a junction between normal type and laptop type keyboards: normal from


A risk of alienating users, possibly decreasing security as a result. It is common practice amongst computer users to reuse the same password on multiple sites. This presents a substantial security risk, because an attacker needs to only compromise a single site in order to gain access to other sites the victim uses. This problem is exacerbated by also reusing usernames, and by websites requiring email logins, as it makes it easier for an attacker to track

A screenshot in the clipboard. The Break key/Pause key no longer has a well-defined purpose. Its origins go back to teleprinter users, who wanted a key that would temporarily interrupt the communications line. The Break key can be used by software in several different ways, such as to switch between multiple login sessions, to terminate a program, or to interrupt a modem connection. In programming, especially old DOS-style BASIC, Pascal and C, Break

A sequence of words or other text separated by spaces is sometimes called a passphrase. A passphrase is similar to a password in usage, but the former is generally longer for added security. Passwords have been used since ancient times. Sentries would challenge those wishing to enter an area to supply a password or watchword, and would only allow a person or group to pass if they knew the password. Polybius describes

A set of characters engraved or printed on them, and each press of a key typically corresponds to a single written symbol. However, producing some symbols may require pressing and holding several keys simultaneously or in sequence. While most keys produce characters (letters, numbers or symbols), other keys (such as the escape key) can prompt the computer to execute system commands. In

A set time interval; e.g., once per minute. To do this, some sort of synchronization must exist between the client's token and the authentication server. For disconnected tokens, this time-synchronization is done before the token is distributed to the client. Other token types do the synchronization when the token is inserted into an input device. The main problem with time-synchronized tokens

A similar functionality can be invoked with the Shift+F10 keyboard shortcut). Many, but not all, computer keyboards have a numeric keypad to the right of the alphabetic keyboard, often separated from the other groups of keys such as the function keys and system command keys, which contains numbers, basic mathematical symbols (e.g., addition, subtraction, etc.), and a few function keys. In addition to

A single dictionary word is not. Having a personally designed algorithm for generating obscure passwords is another good method. However, asking users to remember a password consisting of a "mix of uppercase and lowercase characters" is similar to asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if

A single user across multiple sites. Password reuse can be avoided or minimized by using mnemonic techniques, writing passwords down on paper, or using a password manager. It has been argued by Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, that password reuse is inevitable, and that users should reuse passwords for low-security websites (which contain little personal data and no financial information, for example) and instead focus their efforts on remembering long, complex passwords for

A specified direction; page scroll keys, such as the Page Up and Page Down keys, scroll the page up and down. The Home key is used to return the cursor to the beginning of the line where the cursor is located; the End key puts the cursor at the end of the line. The Tab key advances the cursor to the next tab stop. The Insert key is mainly used to switch between overtype mode, in which the cursor overwrites any text that

A variety of function keys. The repertoire of glyphs engraved on the keys of a keyboard accords with national conventions and language needs. Computer keyboards are similar to electric-typewriter keyboards but contain additional keys, such as the command key or Windows keys. Keyboards on laptops and notebook computers usually have a shorter travel distance for the keystroke, shorter over travel distance, and


A variety of interfaces including USB, near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth. Some tokens have audio capabilities designed for those who are vision-impaired. All tokens contain some secret information used to prove identity. There are four different ways in which this information can be used: Time-synchronized, one-time passwords change constantly at

A wallet. Password manager software can also store passwords relatively safely, in an encrypted file sealed with a single master password. To facilitate estate administration, it is helpful for people to provide a mechanism for their passwords to be communicated to the persons who will administer their affairs in the event of their death. Should a record of accounts and passwords be prepared, care must be taken to ensure that

Is a peripheral input device modeled after the typewriter keyboard which uses an arrangement of buttons or keys to act as mechanical levers or electronic switches. Replacing early punched cards and paper tape technology, interaction via teleprinter-style keyboards has been the main input method for computers since the 1970s, supplemented by the computer mouse since the 1980s. Keyboard keys (buttons) typically have

Is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often). Such policies usually provoke user protest and foot-dragging at best and hostility at worst. There is often an increase in the number of people who note down the password and leave it where it can easily be found, as well as help desk calls to reset a forgotten password. Users may use simpler passwords or develop variation patterns on

Is a limited workspace. A thumb keyboard (thumb board) is used in some personal digital assistants such as the Palm Treo and BlackBerry and some Ultra-Mobile PCs such as the OQO. Numeric keyboards contain only numbers, mathematical symbols for addition, subtraction, multiplication, and division, a decimal point, and several function keys. They are often used to facilitate data entry with smaller keyboards that do not have

Is also descended from the mechanical typewriter. Its main purpose is to enter the space between words during typing. It is large enough so that a thumb from either hand can use it easily. Depending on the operating system, when the space bar is used with a modifier key such as the control key, it may have functions such as resizing or closing the current window, half-spacing, or backspacing. In computer games and other applications

Is an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number (PIN). Despite its name, a password does not need to be an actual word; indeed, a non-word (in the dictionary sense) may be harder to guess, which is a desirable property of passwords. A memorized secret consisting of

Is available apart from the standardised Bluetooth power control algorithm to provide a calibration on minimally required transmission power. Bluetooth tokens are often combined with a USB token, thus working in both a connected and a disconnected state. Bluetooth authentication works when closer than 32 feet (9.8 meters). When the Bluetooth link is not properly operable, the token may be inserted into

Is called Square, a credit card reader for iOS and Android devices. Some use a special purpose interface (e.g. the crypto ignition key deployed by the United States National Security Agency). Tokens can also be used as a photo ID card. Cell phones and PDAs can also serve as security tokens with proper programming. Many connected tokens use smart card technology. Smart cards can be very cheap (around ten cents) and contain proven security mechanisms (as used by financial institutions, like cash cards). However, computational performance of smart cards

Is cracking both necessary and possible. If a cryptographic hash function is well designed, it is computationally infeasible to reverse the function to recover a plaintext password. An attacker can, however, use widely available tools to attempt to guess the passwords. These tools work by hashing possible passwords and comparing the result of each guess to the actual password hashes. If the attacker finds


Is designed with a focus on specific features that suit particular needs. Today, most full-size keyboards use one of three different mechanical layouts, usually referred to as simply ISO (ISO/IEC 9995-2), ANSI (ANSI-INCITS 154-1988), and JIS (JIS X 6002-1980), referring roughly to the organizations issuing the relevant worldwide, United States, and Japanese standards, respectively. (In fact,

Is made, possibly supplying a code that must be entered in addition to a password. More sophisticated factors include such things as hardware tokens and biometric security. Password rotation is a policy that is commonly implemented with the goal of enhancing computer security. In 2019, Microsoft stated that the practice is "ancient and obsolete". Most organizations specify a password policy that sets requirements for

Is often rather limited because of extreme low power consumption and ultra-thin form-factor requirements. Smart-card-based USB tokens which contain a smart card chip inside provide the functionality of both USB tokens and smart cards. They enable a broad range of security solutions and provide the abilities and security of a traditional smart card without requiring a unique input device. From

Is possible to install multiple keyboard layouts within an operating system and switch between them, either through features implemented within the OS, or through an external application. Microsoft Windows, Linux, and Mac provide support to add keyboard layouts and choose from them. Keyboards and keypads may be illuminated from inside, especially on equipment for mobile use. Both keyboards built into computers and external ones may support backlighting; external backlit keyboards may have

Is present on and after its current location, and insert mode, where the cursor inserts a character at its current position, forcing all characters past it one position further. The Delete key discards the character ahead of the cursor's position, moving all following characters one position "back" towards the freed place. On many notebook computer keyboards the key labeled Delete (sometimes Delete and Backspace are printed on

Is sometimes used to distribute passwords but this is generally an insecure method. Since most email is sent as plaintext, a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as plaintext on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored on there as well, at least for some time, and may be copied to backup, cache or history files on any of these systems. Using client-side encryption will only protect transmission from

Is stored as plain text, no cracking is necessary. If it is hashed but not salted then it is vulnerable to rainbow table attacks (which are more efficient than cracking). If it is reversibly encrypted then if the attacker gets the decryption key along with the file no cracking is necessary, while if he fails to get the key cracking is not possible. Thus, of the common storage formats for passwords only when passwords have been salted and hashed

Is that contactless tokens have relatively short battery lives; usually only 5–6 years, which is low compared to USB tokens which may last more than 10 years. Some tokens however do allow the batteries to be changed, thus reducing costs. The Bluetooth Low Energy protocols provide long lasting battery lifecycle of wireless transmission. Although, the automatic transmission power control attempts for radial distance estimates. The escape

Is that they can, over time, become unsynchronized. However, some such systems, such as RSA's SecurID, allow the user to re-synchronize the server with the token, sometimes by entering several consecutive passcodes. Most also cannot have replaceable batteries and only last up to 5 years before having to be replaced – so there is an additional cost. Another type of one-time password uses a complex mathematical algorithm, such as

Is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers. Most browsers alert the user of a TLS/SSL-protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. There are several other techniques in use. There is a conflict between stored hashed-passwords and hash-based challenge–response authentication;


Is to prevent bystanders from reading the password; however, some argue that this practice may lead to mistakes and stress, encouraging users to choose weak passwords. As an alternative, users should have the option to show or hide passwords as they type them. Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include extortion, rubber hose cryptanalysis, and side channel attack. Some specific password management issues that must be considered when thinking about, choosing, and handling,

Is used (in conjunction with Ctrl) to stop program execution. In addition to this, Linux and variants, as well as many DOS programs, treat this combination the same as Ctrl+C. On modern keyboards, the break key is usually labeled Pause/Break. In most Windows environments, the key combination Windows key+Pause brings up the system properties. The escape key (esc) has a variety of meanings according to Operating System, application or both. "Nearly all of

The DES algorithm was used as the basis for the password hashing algorithm in early Unix systems. The crypt algorithm used a 12-bit salt value so that each user's hash was unique and iterated the DES algorithm 25 times in order to make the hash function slower, both measures intended to frustrate automated guessing attacks. The user's password was used as a key to encrypt a fixed value. More recent Unix or Unix-like systems (e.g., Linux or

The computer operating system's point of view such a token is a USB-connected smart card reader with one non-removable smart card present. Unlike connected tokens, contactless tokens form a logical connection to the client computer but do not require a physical connection. The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens. As a result, contactless tokens are

The software accesses the I/O device in question to authorize the use of the software in question. Commercial solutions are provided by a variety of vendors, each with their own proprietary (and often patented) implementation of variously used security features. Token designs meeting certain security standards are certified in the United States as compliant with FIPS 140, a federal security standard. Tokens without any kind of certification are sometimes viewed as suspect, as they often do not meet accepted government or industry security standards, have not been put through rigorous testing, and likely cannot provide

The tribune, and receiving from him the watchword—that is a wooden tablet with the word inscribed on it – takes his leave, and on returning to his quarters passes on the watchword and tablet before witnesses to the commander of the next maniple, who in turn passes it to the one next to him. All do the same until it reaches the first maniples, those encamped near the tents of the tribunes. These latter are obliged to deliver

The "start" button was to hold down the control key and press escape. This process still works in Windows 95, 98, Me, NT 4, 2000, XP, Vista, 7, 8, and 10. The 'enter key' ⌅ Enter and 'return key' ↵ Return are two closely related keys with overlapping and distinct functions dependent on operating system and application. On full-size keyboards, there are two such keys, one in the alphanumeric keys and

9177-535: The 105 key layout is the norm in the rest of the world. This number is not always followed, and individual keys or whole sections are commonly skipped for the sake of compactness or user preference. The most common choice is to not include the numpad, which can usually be fully replaced by the alphanumeric section; such designs are referred to as "tenkeyless" (or TKL). Laptops and wireless peripherals often lack duplicate keys and ones seldom used. Function- and arrow keys are nearly always present. Another factor determining

9310-444: The Bluetooth mode of operation is the option of combining sign-off with distance metrics. Respective products are in preparation, following the concepts of electronic leash. Near-field communication (NFC) tokens combined with a Bluetooth token may operate in several modes, thus working in both a connected and a disconnected state. NFC authentication works when closer than 1 foot (0.3 meters). The NFC protocol bridges short distances to

9443-453: The Esc key extensively. Historically it also served as a type of shift key, such that one or more following characters were interpreted differently, hence the term escape sequence, which refers to a series of characters, usually preceded by the escape character. On machines running Microsoft Windows, prior to the implementation of the Windows key on keyboards, the typical practice for invoking

9576-655: The Macintosh and Apple keyboards, the modifier keys are the Option key and Command key, respectively. On Sun Microsystems and Lisp machine keyboards, the Meta key is used as a modifier and for Windows keyboards, there is a Windows key. Compact keyboard layouts often use a Fn key. "Dead keys" allow placement of a diacritic mark, such as an accent, on the following letter (e.g., the Compose key). The enter/return key typically causes

9709-451: The additional cost and space requirements of other types of hardware keyboards. Microsoft Windows, Mac OS X, and some varieties of Linux include on-screen keyboards that can be controlled with the mouse. In these, the mouse has to be maneuvered onto the on-screen letters given by the software. On the click of a letter, the software writes the respective letter in the respective spot. Projection keyboards project an image of keys, usually with

9842-431: The attacker. Some systems, such as PGP and Wi-Fi WPA, apply a computation-intensive hash to the password to slow such attacks, in a technique known as key stretching. An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and

9975-436: The authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried as packeted data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection. Email

10108-494: The authentication system themselves. Since the token value is mathematically correct, the authentication succeeds and the fraudster is granted access. In 2006, Citibank was the victim of an attack when its hardware-token-equipped business users became the victims of a large Ukrainian-based man-in-the-middle phishing operation. In 2012, the Prosecco research team at INRIA Paris-Rocquencourt developed an efficient method of extracting

10241-401: The combinations to become proficient. Virtual keyboards, sometimes called on-screen keyboards (rarely software keyboards), consist of computer programs that display an image of a keyboard on the screen. Another input device such as a mouse or a touchscreen can be used to operate each virtual key to enter text. Virtual keyboards have become very popular in touchscreen enabled cell phones due to

10374-473: The composition and usage of passwords, typically dictating minimum length, required categories (e.g., upper and lower case, numbers, and special characters), prohibited elements (e.g., use of one's own name, date of birth, address, telephone number). Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords. Computer keyboard A computer keyboard

10507-404: The computer and may require a PIN. Depending on the type of the token, the computer OS will then either read the key from the token and perform a cryptographic operation on it, or ask the token's firmware to perform this operation. A related application is the hardware dongle required by some computer programs to prove ownership of the software. The dongle is placed in an input device and

10640-418: The conflict and limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the un-hashed password is required to gain access. Usually, a system must provide a way to change a password, either because a user believes the current password has been (or might have been) compromised, or as

10773-454: The definitive ancestor of all key-based text entry devices, but the computer keyboard as a device for electromechanical data entry and communication largely comes from the utility of two devices: teleprinters (or teletypes) and keypunches. It was through such devices that modern computer keyboards inherited their layouts. As early as the 1870s, teleprinter-like devices were used to simultaneously type and transmit stock market text data from

10906-521: The earliest computers incorporated electric typewriter keyboards: the development of the ENIAC computer incorporated a keypunch device as both the input and paper-based output device, and the BINAC computer made use of an electromechanically controlled typewriter for both data entry onto magnetic tape (instead of paper) and data output. The keyboard remained the primary, most integrated computer peripheral well into

11039-412: The effect of advice given to users about a good choice of password. They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two or more unrelated words and altering some of the letters to special characters or numbers is another good method, but

11172-402: The emitters and sensors are located in the perimeter, mounted on a small PCB. The light is directed from side to side of the keyboard interior and it can only be blocked by the actuated keys. Most optical keyboards require at least 2 beams (most commonly vertical beam and horizontal beam) to determine the actuated key. Some optical keyboards use a special key structure that blocks the light in

11305-429: The equal sign. On Japanese/Korean keyboards, there may be language input keys for changing the language to use. Some keyboards have power management keys (e.g., power key, sleep key and wake key); Internet keys to access a web browser or e-mail; and/or multimedia keys, such as volume controls; or keys that can be programmed by the user to launch a specified application or a command like minimizing all windows. It

11438-452: The era of personal computing until the introduction of the mouse as a consumer device in 1984. By this time, text-only user interfaces with sparse graphics gave way to comparatively graphics-rich icons on screen. However, keyboards remain central to human-computer interaction to the present though mobile personal computing devices such as smartphones and tablets use a virtual keyboard. Different types of keyboards are available and each

11571-405: The first keypunch devices, which soon evolved to include keys for text and number entry akin to normal typewriters by the 1930s. The keyboard on the teleprinter played a strong role in point-to-point and point-to-multipoint communication for most of the 20th century, while the keyboard on the keypunch device played a strong role in data entry and storage for just as long. The development of some of

11704-561: The full arrangement of keys, and laptop from the short key distance. Additionally, the flexibility allows the user to fold/roll the keyboard for better storage and transfer. However, for typing the keyboard must be resting on a hard surface. The vast majority of flexible keyboards in the market are made from silicone; this material makes them water- and dust-proof. This is useful in hospitals, where keyboards are subjected to frequent washing, and other dirty or must-be-clean environments. Handheld ergonomic keyboards are designed to be held like

11837-423: The funds are to be transferred to. Passwords A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using

11970-524: The hardware on which the attack is running and the strength of the algorithm used to create the hash. Passwords that are used to generate cryptographic keys (e.g., for disk encryption or Wi-Fi security) can also be subjected to high rate guessing, known as password cracking. Lists of common passwords are widely available and can make password attacks very efficient. Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for

12103-510: The hash is used as a shared secret, an attacker does not need the original password to authenticate remotely; they only need the hash. Rather than transmitting a password, or transmitting the hash of the password, password-authenticated key agreement systems can perform a zero-knowledge password proof, which proves knowledge of the password without exposing it. Moving a step further, augmented systems for password-authenticated key agreement (e.g., AMP, B-SPEKE, PAK-Z, SRP-6) avoid both

12236-401: The information provided by the token the same time as the output of the token. Any system which allows users to authenticate via an untrusted network (such as the Internet) is vulnerable to man-in-the-middle attacks. In this type of attack, an attacker acts as the "go-between" of the user and the legitimate system, soliciting the token output from the legitimate user and then supplying it to

12369-492: The issuance of replacements for lost passwords, a feature called self-service password reset. The user's identity is verified by asking questions and comparing the answers to ones previously stored (i.e., when the account was opened). Some password reset questions ask for personal information that could be found on social media, such as mother's maiden name. As a result, some security experts recommend either making up one's own questions or giving false answers. "Password aging"

12502-472: The key has myriad uses in addition to its normal purpose in typing, such as jumping and adding marks to check boxes. In certain programs for playback of digital video, the space bar is used for pausing and resuming the playback. Modifier keys are special keys that modify the normal action of another key, when the two are pressed in combination. For example, Alt + F4 in Microsoft Windows will close

12635-484: The keyboard across telegraph lines to stock ticker machines to be immediately copied and displayed onto ticker tape. The teleprinter, in its more contemporary form, was developed from 1907 to 1910 by American mechanical engineer Charles Krum and his son Howard, with early contributions by electrical engineer Frank Pearne. Earlier models were developed separately by individuals such as Royal Earl House and Frederick G. Creed. Earlier, Herman Hollerith developed

12768-471: The lack of "give" when typing. A flat, non-reflective surface is also required for the keys to be projected. Most projection keyboards are made for use with PDAs and smartphones due to their small form factor. Also known as photo-optical keyboard, light responsive keyboard, photo-electric keyboard and optical key actuation detection technology. An optical keyboard technology utilizes LEDs and photo sensors to optically detect actuated keys. Most commonly

12901-427: The latter requires a client to prove to a server that they know what the shared secret (i.e., password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On many systems (including Unix-type systems) doing remote authentication, the shared secret usually becomes the hashed form and has the serious limitation of exposing passwords to offline guessing attacks. In addition, when

13034-469: The latter, the Enter key is in a single row (usually the third from the bottom) while in the former it spans over two rows and has an inverse L shape. The purpose of the ⇧ Shift key is to invoke the first alternative function of the key with which it is pressed concurrently. For alphabetic keys, shift+letter gives the upper case version of that letter. For other keys, the key is engraved with symbols for both

13167-459: The like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras and keyboard sniffers. Passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any of the available automatic attack schemes. Nowadays, it is a common practice for computer systems to hide passwords as they are typed. The purpose of this measure

13300-421: The mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in clear text. The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. The most widely used

13433-595: The mechanical layouts referred such as "ISO" and "ANSI" comply to the primary recommendations in the named standards, while each of these standards in fact also allows the other way.) ANSI standard alphanumeric keyboards have keys that are on three-quarter inch centers (0.75 inches (19 mm)), and have a key travel of at least 0.15 inches (3.8 mm). Modern keyboard models contain a set number of total keys according to their given standard, described as 101, 104, 105, etc. and sold as "Full-size" keyboards. Modern keyboards matching US conventions typically have 104 keys while

13566-402: The morning newspaper online. The easier a password is for the owner to remember generally means it will be easier for an attacker to guess. However, passwords that are difficult to remember may also reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use

13699-528: The open specification group FIDO Alliance have become popular for consumers with mainstream browser support beginning in 2015 and supported by popular websites and social media sites. Older PC card tokens are made to work primarily with laptops. Type II PC Cards are preferred as a token as they are half as thick as Type III. The audio jack port is a relatively practical method to establish connection between mobile devices, such as iPhone, iPad and Android, and other accessories. The most well known device

13832-416: The other one is in the numeric keys. The purpose of the enter key is to confirm what has been typed. The return key is based on the original line feed/carriage return function of typewriters: in many word processors, for example, the return key ends a paragraph; in a spreadsheet, it completes the current cell and moves to the next cell. The shape of the Enter key differs between ISO and ANSI keyboards: in

13965-466: The password limits the window for abuse. Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at

14098-425: The private key also serves as a proof of the user's identity. For tokens to identify the user, all tokens must have some kind of number that is unique. Not all approaches fully qualify as digital signatures according to some national laws. Tokens with no on-board keyboard or another user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the bank account number that

14231-501: The program in an active window. In contrast, pressing just F4 will probably do nothing, unless assigned a specific function in a particular program. By themselves, modifier keys usually do nothing. The most widely used modifier keys include the Control key, Shift key and the Alt key. The AltGr key is used to access additional symbols for keys that have three symbols printed on them. On

14364-447: The reader while the Bluetooth connection serves for data provision with the token to enable authentication. Also when the Bluetooth link is not connected, the token may serve the locally stored authentication information in coarse positioning to the NFC reader and relieves from exact positioning to a connector. Some types of single sign-on (SSO) solutions, like enterprise single sign-on, use

14497-399: The records are secure, to prevent theft or fraud. Multi-factor authentication schemes combine passwords (as "knowledge factors") with one or more other means of authentication, to make authentication more secure and less vulnerable to compromised passwords. For example, a simple two-factor login might send a text message, e-mail, automated phone call, or similar alert whenever a login attempt

14630-469: The row of number keys above the top alphabetic row, most desktop keyboards have a number pad or accounting pad, on the right hand side of the keyboard. While num lock is set, the numbers on these keys duplicate the number row; if not, they have alternative functions as engraved. In addition to numbers, this pad has command symbols concerned with calculations such as addition, subtraction, multiplication and division symbols. The enter key in this keys indicate

14763-420: The same key) serves the same purpose as a Backspace key. The Backspace key deletes the preceding character. Lock keys lock part of a keyboard, depending on the settings selected. The lock keys are scattered around the keyboard. Most styles of keyboards have three LEDs indicating which locks are enabled, in the upper right corner above the numeric pad. The lock keys include Scroll lock, Num lock (which allows

14896-408: The same level of cryptographic security as token solutions which have had their designs independently audited by third-party agencies. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually themselves via

15029-461: The same password across different accounts. Similarly, the more stringent the password requirements, such as "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system. Others argue longer passwords provide more security (e.g., entropy) than shorter passwords with a wide variety of characters. In The Memorability and Security of Passwords, Jeff Yan et al. examine

15162-420: The same password for accounts on different systems, those will be compromised as well. More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. The most secure do not store passwords at all, but a one-way derivation, such as

15295-401: The same time, and they make removal of a particular user's access more difficult, as for instance on graduation or resignation. Separate logins are also often used for accountability, for example to know who changed a piece of data. Common techniques used to improve the security of computer systems protected by a password include: Some of the more stringent policy enforcement measures can pose

15428-565: The secret key from several PKCS #11 cryptographic devices. These findings were documented in INRIA Technical Report RR-7944, ID hal-00691958, and published at CRYPTO 2012. Trusted as a regular hand-written signature, the digital signature must be made with a private key known only to the person authorized to make the signature. Tokens that allow secure on-board generation and storage of private keys enable secure digital signatures, and can also be used for user authentication, as

15561-419: The shift key or Caps Lock key is depressed. The numeric characters become symbols or punctuation marks when the shift key is depressed. The alphabetical, numeric, and punctuation keys can also have other functions when they are pressed at the same time as some modifier keys. The Space bar is a horizontal bar in the lowermost row, which is significantly wider than other keys. Like the alphanumeric characters, it

15694-482: The size of a keyboard is the size and spacing of the keys. The reduction is limited by the practical consideration that the keys must be large enough to be easily pressed by fingers. Alternatively, a tool is used for pressing small keys. Desktop computer keyboards include alphabetic characters and numerals (and usually additionally a numeric keypad), typographical symbols and punctuation marks, one or more currency symbols and other special characters, diacritics and

15827-1091: The standard functions and can typically use a single keyboard and mouse to access multiple sources. Multifunctional keyboards may feature customised keypads, fully programmable function or soft keys for macros/pre-sets, biometric or smart card readers, trackballs, etc. New generation multifunctional keyboards feature a touchscreen display to stream video, control audio visual media and alarms, execute application inputs, configure individual desktop environments, etc. Multifunctional keyboards may also permit users to share access to PCs and other information sources. Multiple interfaces (serial, USB, audio, Ethernet, etc.) are used to integrate external devices. Some multifunctional keyboards are also used to directly and intuitively control video walls. Common environments for multifunctional keyboards are complex, high-performance workplaces for financial traders and control room operators (emergency services, security, air traffic management; industry, utilities management, etc.). Many keyboards have been designed for one-handed operation. The first one,

15960-448: The system for the distribution of watchwords in the Roman military as follows: The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of

16093-471: The tablet to the tribunes before dark. So that if all those issued are returned, the tribune knows that the watchword has been given to all the maniples, and has passed through all on its way back to him. If any one of them is missing, he makes inquiry at once, as he knows by the marks from what quarter the tablet has not returned, and whoever is responsible for the stoppage meets with the punishment he merits. Passwords in military use evolved to include not just

16226-482: The terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity. In general, a password

16359-525: The time", it signals Stop, QUIT, or "let me get out of a dialog" (or pop-up window). It triggers the Stop function in many web browsers. The escape key was part of the standard keyboard of the Teletype Model 33 (introduced in 1964 and used with many early minicomputers). The DEC VT50, introduced July 1974, also had an Esc key. The TECO text editor (ca 1963) and its descendant Emacs (ca 1985) use

16492-587: The token to store software that allows for seamless authentication and password filling. As the passwords are stored on the token, users need not remember their passwords and therefore can select more secure passwords, or have more secure passwords assigned. Usually most tokens store a cryptographic hash of the password so that if the token is compromised, the password is still protected. Programmable tokens are marketed as "drop-in" replacement of mobile applications such as Google Authenticator (miniOTP). They can be used as mobile app replacement, as well as in parallel as

16625-419: The unshifted and shifted result. When used in combination with other control keys (such as Ctrl, Alt or AltGr), the effect is system and application dependent. The Menu key or Application key is a key found on Windows-oriented computer keyboards. It is used to launch a context menu with the keyboard rather than with the usual right mouse button. The key's symbol is usually a small icon depicting

16758-473: The use of password managers, single sign-on systems and simply keeping paper lists of less critical passwords. Such practices can reduce the number of passwords that must be memorized, such as the password manager's master password, to a more manageable number. The security of a password-protected system depends on several factors. The overall system must be designed for sound security, with protection against computer viruses, man-in-the-middle attacks and

16891-464: The use of the numeric keypad), and Caps lock. The SysRq and Print screen commands often share the same key. SysRq was used in earlier computers as a "panic" button to recover from crashes (and it is still used in this sense to some extent by the Linux kernel; see Magic SysRq key). The Print screen command used to capture the entire screen and send it to the printer, but in the present it usually puts

17024-519: The user is permitted access. The hash value is created by applying a cryptographic hash function to a string consisting of the submitted password and, in many implementations, another value known as a salt . A salt prevents attackers from easily building a list of hash values for common passwords and prevents password cracking efforts from scaling across all users. MD5 and SHA1 are frequently used cryptographic hash functions, but they are not recommended for password hashing unless they are used as part of

17157-408: The user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner. Attackers may conversely use knowledge of this mitigation to implement a denial of service attack against the user by intentionally locking

17290-421: The user out of their own device; this denial of service may open other avenues for the attacker to manipulate the situation to their advantage via social engineering. Some computer systems store user passwords as plaintext, against which to compare user logon attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ

17423-615: The user simply capitalises one of the letters). Asking users to use "both letters and digits" will often lead to easy-to-guess substitutions such as 'E' → '3' and 'I' → '1', substitutions that are well known to attackers. Similarly typing the password one keyboard row higher is a common trick known to attackers. In 2013, Google released a list of the most common password types, all of which are considered insecure because they are too easy to guess (especially after researching an individual on social media), which includes: Traditional advice to memorize passwords and never write them down has become

17556-454: The user the ability to move around a room or to lean back on a chair while also being able to type in front or away from the computer. Some variations of handheld ergonomic keyboards also include a trackball mouse that allow mouse movement and typing included in one handheld device. Smaller external keyboards have been introduced for devices without a built-in keyboard, such as PDAs, and smartphones. Small keyboards are also useful where there

17689-422: The various BSD systems) use more secure password hashing algorithms such as PBKDF2, bcrypt, and scrypt, which have large salts and an adjustable cost or number of iterations. A poorly designed hash function can make attacks feasible even if a strong password is chosen. LM hash is a widely deployed and insecure example. Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to
