2nd TIPPI Workshop

Trustworthy Interfaces for Passwords and Personal Information

Speaker: Arun Kothonath, Bharosa

Title: Bharosa Authenticator: Securing OTP data over a compromised computer

By default, when you log in to any online or computer system, you are prompted for a password. This is known as a "reusable password" because you can input the same password whenever you log in, until you either change the password on your own or are forced to change an expired password. This provides a measure of security: someone who doesn't know your password won't be able to access the resources on your system. However, this security is jeopardized if another user discovers your password.

There is another authentication system known as One Time Passwords (OTP). As the name suggests, you can only use a password once; you aren't allowed to reuse it. An OTP system aims to ensure that a discovered password is useless to the person who discovers it. While this can provide a bit more security, in a world that contains password crackers, packet sniffers, keyloggers and a rising number of sophisticated attacks, OTPs can still be compromised and used for fraud.

Bharosa Authenticator uses a system which can incrementally protect sensitive OTP data by creating a virtual and secure channel between the user and the server for transmitting OTPs, even if the computer and/or the network has been compromised.

Arun Kothonath is chief security architect for Bharosa. Over 12 years, Arun has led security initiatives for various Fortune 500 clients, the U.S. Department of Defense and state government organizations. Prior to joining Bharosa, Arun launched the security services organization for a Minnesota-based firm and headed their commercial operations.
