Passwords and the Evolution of Imperfect Authentication

Cited by: 150

Authors
Bonneau, Joseph [1 ,2 ]
Herley, Cormac [3 ]
van Oorschot, Paul C. [4 ,5 ]
Stajano, Frank [6 ,7 ,8 ]
Affiliations
[1] Stanford Univ, Stanford, CA 94305 USA
[2] Elect Frontier Fdn, San Francisco, CA USA
[3] Microsoft Res, Redmond, WA USA
[4] Carleton Univ, Comp Sci, Ottawa, ON K1S 5B6, Canada
[5] Carleton Univ, Authenticat & Comp Secur, Sch Comp Sci, Ottawa, ON K1S 5B6, Canada
[6] Univ Cambridge, Secur & Privacy, Cambridge, England
[7] Univ Cambridge, Acad Ctr Excellence Cyber Secur Res, Cambridge, England
[8] Trinity Coll Dublin, Dublin, Ireland
Funding
Natural Sciences and Engineering Research Council of Canada; European Research Council;
Keywords
SECURITY;
DOI
10.1145/2699390
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
PASSWORDS HAVE DOMINATED human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm. We argue that critically revisiting authentication as a whole and passwords' role therein is required to understand today's situation and provide a meaningful
Pages: 78 / 87
Page count: 10
Related papers
50 in total
  • [31] Trusted mutual authentication scheme with smart cards and passwords
    Yang L.
    Ma J.-F.
    Dianzi Keji Daxue Xuebao/Journal of the University of Electronic Science and Technology of China, 2011, 40 (01): : 128 - 133
  • [32] Honeyword-based Authentication Techniques for Protecting Passwords: A Survey
    Chakraborty, Nilesh
    Li, Jianqiang
    Leung, Victor C. M.
    Mondal, Samrat
    Pan, Yi
    Luo, Chengwen
    Mukherjee, Mithun
    ACM COMPUTING SURVEYS, 2023, 55 (08)
  • [33] Universal Multi-Factor Authentication Using Graphical Passwords
    Sabzevar, Alireza Pirayesh
    Stavrou, Angelos
    SITIS 2008: 4TH INTERNATIONAL CONFERENCE ON SIGNAL IMAGE TECHNOLOGY AND INTERNET BASED SYSTEMS, PROCEEDINGS, 2008, : 625 - 632
  • [34] INFINITE ALPHABET PASSWORDS A Unified Model for a Class of Authentication Systems
    Gibson, Marcia
    Conrad, Marc
    Maple, Carsten
    SECRYPT 2010: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2010, : 94 - 99
  • [35] Framework for Multi-factor Authentication with Dynamically Generated Passwords
    Chenchev, Ivaylo
    ADVANCES IN INFORMATION AND COMMUNICATION, FICC, VOL 2, 2023, 652 : 563 - 576
  • [36] Passwords for everyone: Secure mnemonic-based accessible authentication
    Topkara, Umut
    Topkara, Mercan
    Atallah, Mikhail J.
    USENIX ASSOCIATION PROCEEDINGS OF THE 2007 USENIX ANNUAL TECHNICAL CONFERENCE, 2007, : 369 - 374
  • [37] Improving authentication accuracy of unfamiliar passwords with pauses and cues for keystroke dynamics-based authentication
    Hwang, Seong-seob
    Lee, Hyoung-joo
    Cho, Sungzoon
    INTELLIGENCE AND SECURITY INFORMATICS, PROCEEDINGS, 2006, 3917 : 73 - 78
  • [38] A remote user authentication scheme using strong graphical passwords
    Ku, WC
    Tsaur, MJ
    LCN 2005: 30th Conference on Local Computer Networks, Proceedings, 2005, : 351 - 355
  • [39] An Innovative User Authentication Method: Replacements of Text Based Passwords
    Shukla, Varun
    Dixit, Shivani
    Kumar, Ravi
    Patidar, Manish
    INFORMATION SYSTEMS AND MANAGEMENT SCIENCE, ISMS 2021, 2023, 521 : 210 - 224
  • [40] Usability and user authentication: Pictorial passwords vs. pin
    De Angeli, A
    Coventry, L
    Johnson, G
    Coutts, M
    CONTEMPORARY ERGONOMICS 2003, 2003, : 253 - 258