Passwords and the evolution of imperfect authentication

Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, Frank Stajano

Research output: Contribution to journal, Article

Abstract

Experts share their views on how the theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. Extensive published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals. The focus of published research on clean, well-defined problems has caused the neglect of the complications of real-world Web authentication. This misplaced focus continues to hinder the applicability of password research to practice. Failure to recognize the broad range of usability, deployability, and security challenges in Web authentication has produced several mutually incompatible password requirements for users, and extensive attempts by researchers to find a solution have failed, despite different requirements in different applications.

Original language: English (US)
Pages (from-to): 78-87
Number of pages: 10
Journal: Communications of the ACM
Volume: 58
Issue number: 7
DOIs: https://doi.org/10.1145/2699390
State: Published - Jul 1 2015

Fingerprint

Authentication

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2015). Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), 78-87. https://doi.org/10.1145/2699390

@article{6536faa7a95b4e16abb5eaa716a28280,
title = "Passwords and the evolution of imperfect authentication",
abstract = "Experts share their views on how the theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. Extensive published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals. The focus of published research on clean, well-defined problems has caused the neglect of the complications of real-world Web authentication. This misplaced focus continues to hinder the applicability of password research to practice. Failure to recognize the broad range of usability, deployability, and security challenges in Web authentication has produced several mutually incompatible password requirements for users, and extensive attempts by researchers to find a solution have failed, despite different requirements in different applications.",
author = "Joseph Bonneau and Cormac Herley and {Van Oorschot}, {Paul C.} and Frank Stajano",
year = "2015",
month = "7",
day = "1",
doi = "10.1145/2699390",
language = "English (US)",
volume = "58",
pages = "78--87",
journal = "Communications of the ACM",
issn = "0001-0782",
publisher = "Association for Computing Machinery (ACM)",
number = "7",

}
