Passwords and the Evolution of Imperfect Authentication

Cited by: 150
Authors
Bonneau, Joseph [1, 2]
Herley, Cormac [3]
van Oorschot, Paul C. [4, 5]
Stajano, Frank [6, 7, 8]
Affiliations
[1] Stanford Univ, Stanford, CA 94305 USA
[2] Elect Frontier Fdn, San Francisco, CA USA
[3] Microsoft Res, Redmond, WA USA
[4] Carleton Univ, Comp Sci, Ottawa, ON K1S 5B6, Canada
[5] Carleton Univ, Authenticat & Comp Secur, Sch Comp Sci, Ottawa, ON K1S 5B6, Canada
[6] Univ Cambridge, Secur & Privacy, Cambridge, England
[7] Univ Cambridge, Acad Ctr Excellence Cyber Secur Res, Cambridge, England
[8] Trinity Coll Dublin, Dublin, Ireland
Funding
European Research Council; Natural Sciences and Engineering Research Council of Canada;
Keywords
SECURITY;
DOI
10.1145/2699390
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
Passwords have dominated human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm. We argue that critically revisiting authentication as a whole and passwords' role therein is required to understand today's situation and provide a meaningful
Pages: 78 / 87
Number of pages: 10
Related papers
50 in total
  • [41] New Observations on Zipf's Law in Passwords
    Hou, Zhenduo
    Wang, Ding
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2023, 18 : 517 - 532
  • [42] Video-Passwords: Advertising While Authenticating
    Thorpe, Julie
    Salehi-Abari, Amirali
    Burden, Robert
    PROCEEDINGS OF THE 2012 NEW SECURITY PARADIGMS WORKSHOP (NSPW'12), 2012, : 127 - 140
  • [43] User Perceptions of Five-Word Passwords
    Wu, Xiaoyuan
    Munyendo, Collins W.
    Cosic, Eddie
    Flynn, Genevieve A.
    Legault, Olivia
    Aviv, Adam J.
    PROCEEDINGS OF THE 38TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, ACSAC 2022, 2022, : 605 - 618
  • [44] Analysis of passwords: Towards understanding of strengths and weaknesses
    Albattah, Waleed
    INTERNATIONAL JOURNAL OF ADVANCED AND APPLIED SCIENCES, 2018, 5 (11): : 51 - 60
  • [45] An Integrated Mechanism for Resetting Passwords in Web Applications
    Huang, Ching-Yu
    PROCEEDINGS 2017 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND COMPUTATIONAL INTELLIGENCE (CSCI), 2017, : 50 - 54
  • [46] Group Management of RFID Passwords for Privacy Protection
    Kobayashi, Yuichi
    Kuwana, Toshiyuki
    Taniguchi, Yoji
    Komoda, Norihisa
    ELECTRONICS AND COMMUNICATIONS IN JAPAN, 2009, 92 (10) : 24 - 31
  • [47] Passwords Selected by Hospital Employees: An Investigative Study
    Dawn Medlin, B.
    Corley, Ken
    Adriana Romaniello, B.
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2011, 2 (11) : 77 - 81
  • [48] Graphical Passwords: Learning from the First Twelve Years
    Biddle, Robert
    Chiasson, Sonia
    Van Oorschot, P. C.
    ACM COMPUTING SURVEYS, 2012, 44 (04)
  • [49] A ProActive Approach for Generating Random Passwords for Information Protection
    Bafna, Abhishek
    Kumar, Sandeep
    2ND INTERNATIONAL CONFERENCE ON COMPUTER, COMMUNICATION, CONTROL AND INFORMATION TECHNOLOGY (C3IT-2012), 2012, 4 : 129 - 133
  • [50] Finding the Middle Ground: Measuring Passwords for Security and Memorability
    Rodriguez, Joshua J.
    Zibran, Minhaz F.
    Eishita, Farjana Z.
    2022 IEEE/ACIS 20TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING RESEARCH, MANAGEMENT AND APPLICATIONS (SERA), 2022, : 77 - 82