The operating environment of this tutorial: windows7 system, Dell G3 computer.
What is the cipher dynamic password?
The dynamic password is a password that changes at any time. Since the password entered each time is not fixed, even if Even if your password is stolen once, there will be no loss. A cipher is a piece of hardware or software that obtains passwords. The cipher dynamic password is the password generated by the cipher in real time.
Hardware ciphers are mostly used for banking services. For example, ICBC Online Banking Electronic Password Device is the first new security tool launched by ICBC after U-Shield and Password Card. It has a hardware medium with built-in power supply and password generation chip, external display screen and numeric keyboard, and can generate dynamic passwords. No need to install any programs, it can be used in electronic banking and other channels.
For online banking users who have not applied for certificates, banks usually use dynamic passwords to ensure the security of user accounts. When users need to operate funds in their accounts, they need to use dynamic passwords. The dynamic password (dynamic password) can be obtained from the online banking electronic password device.
Software cipher, mostly used for account authentication and account login. For example, we commonly use mobile phone verification codes. When we click to send the verification code, the software password generator will generate a dynamic password and send it to the mobile phone. Therefore, the verification code received by the mobile phone is a kind of dynamic password. Entering the verification code within a certain period of time can verify the identity without a password.
Currently, mobile phone verification codes have been widely used in our lives. If you bind a mobile phone account, you can use the verification code to log in directly, such as WeChat, QQ, and Baidu accounts. You only need to enter the verification code of your mobile phone to log in to your account.
However, the mobile phone verification code is a dynamic password based on the mobile phone number. The dynamic passwords (generated verification codes) of accounts and ciphers are all mobile phone numbers. Once the mobile phone is lost or the mobile phone number is stolen, those accounts that only need the mobile phone verification code to log in can easily be logged in by others, causing some inconveniences. necessary losses.
# Hardware ciphers are inconvenient to carry and easy to lose. However, the hardware cipher and the account number are separated and have higher security, so they are often used in banking services.
Extended knowledge:
Classification of dynamic passwords:
Dynamic passwords include dynamic password cards , dynamic password and mobile phone dynamic password 3 ways.
Dynamic Password Card
Dynamic Password Card is also called a scratch card. It looks like a bank card and has a number of strings printed in a matrix form. When customers use e-banking to conduct payment transactions such as external transfers, B2C shopping, and payment, the e-banking system will randomly give a set of password card coordinates. The customer finds the password combination from the card based on the coordinates and enters it into the e-banking system. Only the password combination is entered. Only the correct customer can complete the relevant transaction. This password combination is valid once and becomes invalid after the transaction is completed.
Dynamic Password Token
The dynamic password token looks like the size of a U disk. It is a built-in power supply, password generation chip and display screen. It generates signals at certain intervals according to a special algorithm. Special hardware that automatically updates dynamic passwords over time. The dynamic password changes every 60 seconds. Just follow the system prompts and enter the password displayed on the current password token. Bank of China uses this method, which is called BOC e-order.
Mobile phone dynamic password
Mobile phone dynamic password is to bind online banking to the mobile phone number when applying for online banking. When the user performs online payment or fund transfer operations, The system will automatically generate a password and send it to the bound mobile phone in the form of a text message. Enter the mobile phone password on the payment page to complete the transaction.
Characteristics of dynamic passwords
(1) No need to remember
Forgetting passwords is a headache for many people. With the popularity of network applications, more and more passwords need to be remembered by people. Dynamic password cards eliminate the need for users to remember multiple passwords [2] .
(2) Double insurance
DKEY dynamic password authentication system adopts a two-factor authentication mechanism. Even if the user loses the dynamic password card and account at the same time, there will be no loss [2] .
(3) Get informed quickly
Under the traditional authentication mechanism, user passwords are often lost or stolen without knowing it. The harm is only noticed after it occurs, and the only way to remedy the situation is to make up for it. Once the dynamic password token is lost, the user will immediately discover it and report the loss in time to prevent problems before they occur [2] .
(4) "solid" both internally and externally
Among intruders in information systems, internal intruders account for more than 80%. As far as e-commerce sites are concerned, the weakest link in information security is internal defense. For example, network administrators can also obtain user confidential information through normal authorization, which is undoubtedly a threat to user information security. The dynamic password authentication system completely leaves key generation and management to the system automatically, which minimizes human factors, effectively prevents insiders from committing crimes, and makes the system security as strong as internal and external [2].
(5) Simple and easy
IC card authentication, CA authentication, and fingerprint authentication all require the cooperation of special terminal authentication equipment, and the scope of application is greatly restricted. The more commonly used USKKEY also It needs to be plugged into a computer and cannot be used by phone transactions with a large number of users. Dynamic password tokens can be implemented on any device that can input decimal numbers and are easy to use [2] .
The system is relatively independent, has a simple interface, and is easy to interface with the existing e-commerce site authentication system. It uses a dedicated dynamic password authentication server for authentication to ensure the integrity of the existing application system and protect system resources.
For more related knowledge, please visit the FAQ column!
The above is the detailed content of What is the cipher dynamic password?. For more information, please follow other related articles on the PHP Chinese website!