PassGen
Protecting systems using One-Time Passwords


Introducing PassGen - a toolkit to generate one-time passwords, taking the hassle and responsibility away from the applications and users.

The FBI, The SANS Institute, Gartner, Forrester, Aberdeen... all warn that static passwords are one of the top security threats facing organizations today.
Even stringent 'strong' password protocols (like monthly password changes, no repeats, upper/lower/alpha/numeric...) are no match for disgruntled employees, users' 'Post-It Note' laissez-faire, shoulder surfers and organized crime with password-breaking software that makes short work of our inadequate human attempts to be secure.

Many organizations use expensive token solutions to help secure passwords.

What can PassGen do for you? - The PassGen technology can allow:

  • Users to authenticate across insecure networks in a secure manner. Facilities such as terminal sessions (3270, Telnet, FTP etc.), which use clear-text passwords, can be secured.
  • Passwords to be generated for users without knowledge of a current password value. This is useful in environments such as portals, where users need to be connected to other systems without prompting the user for another password.

PassGen is a solution that uses One Time Passwords to provide secure logon to UNIX, Firewalls, Web Servers and z/OS systems.

With the growth of applications operating through Portals and Web Servers, many applications need to generate valid user passwords securely so that these systems can operate in a secure manner.

Any person connecting to a LAN can view data from others. Tracing programs are easily acquired, as many are Public Domain. This represents a significant threat to system security.

A Userid and Password can be retrieved from the network and then used by a third party to compromise a system.

Protecting Passwords

To protect systems, Passwords need to be kept secret. Two options exist for traditional terminal based systems:

  • Encrypt all data traffic. This requires deployment of software, keys and a considerable overhead in encrypting traffic.
  • Use One-time Passwords. One-Time Passwords can be used only once. If the Passwords are intercepted they cannot be re-used. PassGen provides a facility to do this.

PassGen provides two one-time password systems in one convenient application, for Windows, Java and PalmOS:

  • The IETF One Time Password Standard - S/KEY (RFC 1760). Most UNIX and Firewall systems provide support for this standard.
  • The IBM Security Server (RACF™) PassTicket algorithm, available in RACF, CA-ACF2 and CA Top-Secret. This provides secure logon to IBM Mainframe systems. The PassTicket can be used as a direct replacement for static Passwords; no changes are required to your existing applications.
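
The S/KEY bullet above relies on a one-way hash chain, which is why an intercepted one-time password cannot be replayed. The sketch below is an added example, not PassGen code: it assumes SHA-256 in place of the MD4 that RFC 1760 specifies, skips the six-word encoding, and the names `step`, `otp` and `Server` are illustrative.

```python
import hashlib
import hmac

def step(value: bytes) -> bytes:
    """One pass of the one-way function, folded to 64 bits by XOR.
    Assumption: SHA-256 stands in for RFC 1760's MD4."""
    d = hashlib.sha256(value).digest()
    return bytes(a ^ b ^ c ^ e for a, b, c, e in zip(d[:8], d[8:16], d[16:24], d[24:]))

def otp(secret: bytes, seed: bytes, count: int) -> bytes:
    """Client side: hash seed+secret once, then apply step() count more times."""
    value = step(seed + secret)
    for _ in range(count):
        value = step(value)
    return value

class Server:
    """Stores only the last accepted password, never the user's secret."""
    def __init__(self, seed: bytes, initial_otp: bytes, count: int):
        self.seed, self.stored, self.count = seed, initial_otp, count

    def challenge(self):
        # Sent in clear: the sequence number the client must answer for.
        return self.count - 1, self.seed

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; the user must re-enrol
        # Hashing the candidate once must give the previously stored value.
        if not hmac.compare_digest(step(candidate), self.stored):
            return False
        self.stored = candidate  # move one link down the chain
        self.count -= 1
        return True

def demo():
    secret, seed = b"constructed pass phrase", b"ke1234"  # constructed samples
    server = Server(seed, otp(secret, seed, 100), 100)
    n, s = server.challenge()
    sniffed = otp(secret, s, n)        # crosses the network in clear text
    first = server.verify(sniffed)     # legitimate logon is accepted
    replay = server.verify(sniffed)    # the same value replayed is rejected
    n2, _ = server.challenge()
    following = server.verify(otp(secret, seed, n2))  # next logon still works
    return first, replay, following

if __name__ == "__main__":
    print(demo())
```

A captured password only lets an observer compute values further up the chain, which the server has already consumed; producing the next valid one would require inverting the hash.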

Applications can use the PassTicket algorithm and S/KEY with a variety of programming interfaces.

For systems with no One-Time Password support, PassGen also provides encrypted password storage.