Passwords and the Evolution of Imperfect Authentication

Cited by: 150
Authors
Bonneau, Joseph [1, 2]
Herley, Cormac [3]
van Oorschot, Paul C. [4, 5]
Stajano, Frank [6, 7, 8]
Affiliations
[1] Stanford Univ, Stanford, CA 94305 USA
[2] Elect Frontier Fdn, San Francisco, CA USA
[3] Microsoft Res, Redmond, WA USA
[4] Carleton Univ, Comp Sci, Ottawa, ON K1S 5B6, Canada
[5] Carleton Univ, Authenticat & Comp Secur, Sch Comp Sci, Ottawa, ON K1S 5B6, Canada
[6] Univ Cambridge, Secur & Privacy, Cambridge, England
[7] Univ Cambridge, Acad Ctr Excellence Cyber Secur Res, Cambridge, England
[8] Trinity Coll Dublin, Dublin, Ireland
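Funding
Natural Sciences and Engineering Research Council of Canada; European Research Council
Keywords
SECURITY
DOI
10.1145/2699390
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract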
PASSWORDS HAVE DOMINATED human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm. We argue that critically revisiting authentication as a whole and passwords' role therein is required to understand today's situation and provide a meaningful
Pages: 78-87
Number of pages: 10
Related papers
50 in total
  • [1] PASSWORDS PHILOLOGY, SECURITY, AUTHENTICATION
    Lennon, Brian
    DIACRITICS-A REVIEW OF CONTEMPORARY CRITICISM, 2015, 43 (01): : 82 - 107
  • [2] PASSWORDS: PHILOLOGY, SECURITY, AUTHENTICATION
    Baetens, Jan
    LEONARDO, 2019, 52 (02) : 205 - 206
  • [3] Passwords: Philology, Security, Authentication
    Dillon, Michael
    SYMPLOKE, 2020, 28 (1-2) : 596 - 598
  • [4] Passwords: Philology, Security, Authentication
    Jackson, Mitch K.
    SURVEILLANCE & SOCIETY, 2021, 19 (02) : 279 - 281
  • [5] MESSAGE AUTHENTICATION AND DYNAMIC PASSWORDS
    BEKER, HJ
    COLE, GM
    LECTURE NOTES IN COMPUTER SCIENCE, 1988, 304 : 171 - 175
  • [6] Passwords: Philology, Security, Authentication
    Huskey, Samuel J.
    TECHNOLOGY AND CULTURE, 2019, 60 (04) : 1126 - 1127
  • [7] Passwords: Philology, Security, Authentication
    Vadde, Aarthi
    AMERICAN LITERATURE, 2020, 92 (04) : 820 - 824
  • [8] Passwords: Philology, Security, Authentication.
    Slater, Avery
    CRITICAL INQUIRY, 2021, 47 (02) : 422 - 423
  • [9] Are Graphical Authentication Mechanisms As Strong As Passwords?
    Renaud, Karen
    Mayer, Peter
    Volkamer, Melanie
    Maguire, Joseph
    2013 FEDERATED CONFERENCE ON COMPUTER SCIENCE AND INFORMATION SYSTEMS (FEDCSIS), 2013, : 837 - 844
  • [10] Wireless Authentication using Remote Passwords
    Harding, Andrew
    van der Horst, Timothy W.
    Seamons, Kent E.
    WISEC'08: PROCEEDINGS OF THE FIRST ACM CONFERENCE ON WIRELESS NETWORK SECURITY, 2008, : 24 - 29