Passwords and the Evolution of Imperfect Authentication

Cited by: 150
Authors
Bonneau, Joseph [1 ,2 ]
Herley, Cormac [3 ]
van Oorschot, Paul C. [4 ,5 ]
Stajano, Frank [6 ,7 ,8 ]
Affiliations
[1] Stanford Univ, Stanford, CA 94305 USA
[2] Elect Frontier Fdn, San Francisco, CA USA
[3] Microsoft Res, Redmond, WA USA
[4] Carleton Univ, Comp Sci, Ottawa, ON K1S 5B6, Canada
[5] Carleton Univ, Authenticat & Comp Secur, Sch Comp Sci, Ottawa, ON K1S 5B6, Canada
[6] Univ Cambridge, Secur & Privacy, Cambridge, England
[7] Univ Cambridge, Acad Ctr Excellence Cyber Secur Res, Cambridge, England
[8] Trinity Coll Dublin, Dublin, Ireland
Funding
Natural Sciences and Engineering Research Council of Canada; European Research Council;
Keywords
SECURITY;
DOI
10.1145/2699390
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Subject classification code
0812 ;
Abstract
Passwords have dominated human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm. We argue that critically revisiting authentication as a whole and passwords' role therein is required to understand today's situation and provide a meaningful
Pages: 78 - 87
Page count: 10