Passwords and the evolution of imperfect authentication

Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, Frank Stajano

Research output: Contribution to journal, Article


Experts share their views on how the theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. Extensive published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals. The focus of published research on clean, well-defined problems has caused the neglect of the complications of real-world Web authentication. This misplaced focus continues to hinder the applicability of password research to practice. Failure to recognize the broad range of usability, deployability, and security challenges in Web authentication has produced several mutually incompatible password requirements for users, and extensive attempts by researchers to find a solution have failed, despite different requirements in different applications.

Original language: English (US)
Pages (from-to): 78-87
Number of pages: 10
Journal: Communications of the ACM
Issue number: 7
State: Published - Jul 1 2015


ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2015). Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), 78-87.