Outsmarting Passwords : An Analysis on the use of Smart Cards for Single Sign-On in Legacy Applications

Abstract: By leveraging smart-cards as a bearer of user credentials for legacy applications the security of these systems can be greatly increased. In this thesis a solution to the problem of legacy applications only allowing username-password authentication is proposed. Storing user-data encrypted on the card and automatically serving it to the required application allows for automatically generated passwords to be used. The backbone of this system is developed. This solution is then analyzed and found to result in a significantly increased level of security.