06/06/2017

User Authentication

A major security problem for operating systems is user authentication.

Generally, user authentication is based on one or more of the following: the user's possession of something (a key or card), the user's knowledge of something (a user identifier and password), and/or an attribute of the user (fingerprint, retina, or signature).

Passwords

The most common approach to user authentication is the password. The user is identified by an ID and asked for a password. If the user-supplied password matches the password stored in the system, the system assumes that the account is being accessed by the owner of that account. Passwords can also protect individual resources: a password may be associated with each resource (such as a file), and different passwords may be associated with different access rights. For example, different passwords may be used for reading files, appending to files, and updating files. In practice, most systems require only one password for a user to gain full rights.

Password Vulnerabilities

Unfortunately, passwords can often be guessed, accidentally exposed, sniffed, or illegally transferred from an authorized user to an unauthorized one. There are two common ways to guess a password. One way is for the intruder (either human or program) to know the user or to have information about the user. The other way is to use brute force, trying enumeration (all possible combinations of valid password characters: letters, numbers, and on some systems punctuation) until the password is found.

Encrypting the data stream containing the password solves the sniffing problem. Exposure is a particularly severe problem if the password is written down where it can be read or lost. At some sites, administrators occasionally check user passwords and notify a user if his password is easy to guess. Some systems also age passwords, forcing users to change their passwords at regular intervals (every three months, for instance), and do not allow a previously used password to be chosen again.

A good technique is to generate your password from the first letter of each word of an easily remembered phrase, using both upper- and lowercase characters, with a number or punctuation mark thrown in for good measure.

One-Time Passwords

To avoid the problems of password sniffing and shoulder surfing, a system could use a set of paired passwords. When a session begins, the system randomly selects and presents one part of a password pair; the user must supply the other part. In this system, the user is challenged and must respond with the correct answer to that challenge.

The password is different in each instance. Anyone capturing the password from one session and trying to reuse it in another session will fail. One-time passwords are among the only ways to prevent improper authentication due to password exposure. A PIN issued for a single use is one example of a one-time password.
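The challenge-response exchange described above, as an added example that is not part of the original post: the server issues a random challenge, the user's side answers with an HMAC of that challenge under a shared secret, and a response captured in one session fails when replayed into another. The shared secret and the session flow here are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret shared between the user's token and the server.
# In a real deployment it is provisioned per user and never hard-coded.
SHARED_SECRET = b"constructed-demo-secret"


def new_challenge() -> bytes:
    """Server side: pick a fresh, unpredictable challenge for this session."""
    return secrets.token_bytes(16)


def respond(secret: bytes, challenge: bytes) -> str:
    """User side: derive the one-time response from the challenge and the secret."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def verify(secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the expected response and compare in constant time."""
    expected = respond(secret, challenge)
    return hmac.compare_digest(expected, response)


def replay_demo(secret: bytes) -> dict:
    """Run two sessions and show that session 1's response is useless in session 2."""
    challenge_1 = new_challenge()
    response_1 = respond(secret, challenge_1)      # legitimate login, session 1
    challenge_2 = new_challenge()                  # server issues a new challenge
    return {
        "session1_ok": verify(secret, challenge_1, response_1),
        # An eavesdropper who captured response_1 tries to reuse it.
        "replay_into_session2": verify(secret, challenge_2, response_1),
        # The legitimate user answers the new challenge.
        "fresh_response_session2": verify(secret, challenge_2, respond(secret, challenge_2)),
    }


if __name__ == "__main__":
    print(replay_demo(SHARED_SECRET))
```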

Biometrics

Biometric measures are another basis for authentication. Palm- or hand-readers are commonly used to secure physical access. These readers match stored parameters against what is being read from hand-reader pads. The parameters can include a temperature map, as well as finger length, finger width, and line patterns.

Fingerprint readers have become accurate and cost-effective and should become more common in the future. These devices read finger ridge patterns and convert them into a sequence of numbers. If this information is encrypted in transit, the system can be very resistant to spoofing or replay attacks.

Consider how strong authentication can be with a USB device that must be plugged into the system, a PIN, and a fingerprint scan. Apart from the user having to place her finger on a pad and plug the USB device into the system, this authentication method is no less convenient than a password, but it is of no use if the transmitted data is not encrypted.