|
Work item:
|
X.1283 (ex X.gpwd)
|
|
Subject/title:
|
Threat Analysis and guidelines for securing password and password-less authentication solutions
|
|
Status:
|
Determined on 2024-03-01 [Issued from previous study period]
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2024-02 (No priority specified)
|
|
Liaison:
|
-
|
|
Supporting members:
|
-
|
|
Summary:
|
The security community is making a large movement to replace password authentication with alternative solutions that are known as passwordless authentication. Unfortunately, many of the proposed passwordless solutions suffer from the same limitation as current password solutions. These solutions are vulnerable to man-in-the-middle and phishing attacks among others.
Recommendation ITU-T X.1283 (X.gpwd) performs security and threat analysis of authentication solutions that are based on the use of shared secrets. It takes a close look into security risks associated with password systems and emerging passwordless solutions.
This Recommendation performs threat analysis, develops guidelines and best practices for the protection of users and accounts based on these methods. This work can be used by those adopters to support legacy solutions as they migrate to stronger authentication methods based on PKI (e.g., ITU-T X.1277 and ITU-T X.1278).
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2020-09-11 11:09:10
|
|
Last update:
2024-04-22 17:48:47
|
