Passwords and the Evolution of Imperfect Authentication. Bonneau, J., Herley, C., van Oorschot, P. C., & Stajano, F. Communications of the ACM, 58(7):78-87, 2015.
Passwords have dominated human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm.
@article{
 title = {Passwords and the Evolution of Imperfect Authentication},
 type = {article},
 year = {2015},
 keywords = {authentication,passwords},
 pages = {78-87},
 volume = {58},
 websites = {http://cacm.acm.org/magazines/2015/7/188731-passwords-and-the-evolution-of-imperfect-authentication/fulltext},
 id = {cddb2814-62cc-37de-af04-75dd50e64908},
 created = {2018-07-12T21:31:49.626Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:31:49.626Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {bonneau:passwords15},
 source_type = {article},
 notes = {Covers a good story on the evolution of passwords and the challenges with proposed or tried alternatives to passwords. The authors also point out faults with many pieces of 'good' password advice and suggest tweaks that make the advice more usable. E.g., instead of using a different password for each website, better (and usable) advice is to use different passwords for important websites. The authors also point out that although passwords are a failed technology, it is easier to control and manage stolen/hacked user accounts than to move to a new authentication technology. Websites are adding smartness to the back-end to keep the number of stolen/hacked accounts in check. The smartness in the back-end involves many different things including IP, browser fingerprint, and the machine used to access. The authors note that the authentication process is increasingly becoming complex and this complexity may cause users increased confusion and distress, and may even help phishing. The authors also note that some authentication methods like biometrics or user-specific classifiers may break some access-control practices like sharing passwords or delegating tasks.},
 private_publication = {false},
 abstract = {Passwords have dominated human-computer authentication for 50 years despite consensus among researchers that we need something more secure and deserve something more user friendly. Much published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals, which are never authentication per se, but rather protection of user accounts and sensitive data. As an example of this disconnect, academic research often recommends strict password-composition policies (such as length requirements and mandating digits and nonalphabetic characters) despite the lack of evidence they actually reduce harm.},
 bibtype = {article},
 author = {Bonneau, Joseph and Herley, Cormac and van Oorschot, Paul C and Stajano, Frank},
 journal = {Communications of the ACM},
 number = {7}
}