User Authentication: Passive USB tokens, an alternative to Passwords?

Abstract: Most personal computers today employ knowl- edge based user authentication e.g. password pro- tection. Nevertheless, password protection is re- garded as insecure. This paper investigates if a token based authentication solution for Win- dows XP (using passive USB storage devices), can counter any of the documented issues inherent with password based authentication. An architec- ture for such a solution aimed at the home/small business market is presented and evaluated. The research method is based on the principles of Design Research. The achitecture and proto- type is developed using prototyping. A litterature study provides a theoretical framework used as a basis for architecture evalutation. This paper's contribution is mainly an architecture of a token based authentication solution (for Windows XP), capable of addressing many of the known prob- lems regarding password use. Conclusions include the observed pros and cons of the suggested solu- tion, as well as recommendations regarding areas of improvement and future research.