What is it about?
Billions of individuals use passwords to protect their accounts; however, passwords are very vulnerable to theft. This paper describes an approach to change how web browsers and websites handle passwords. If adopted, this approach would entirely prevent the theft of passwords. All of this is done with minimal impact on the user experience. Combined with password managers, the proposed approach would shift passwords from being one of the weakest links in security to one of the strongest.
Why is it important?
Billions of individuals use passwords to protect their accounts. If the approach described in this paper were implemented, these individuals' online security would immediately improve. This would not only benefit these individuals' lives but also provide an immediate boon to business and national security.
Perspectives
I hope that this article helps people realize that passwords aren't a security problem. Instead, it is the way that they have been implemented. In my mind, this paper serves to demonstrate that there is meaningful work that can still be done on password-based authentication, and that hardware security tokens and biometrics are not the only pathway forward.
Scott Ruoti
University of Tennessee Knoxville
Read the Original
This page is a summary of: End-to-End Passwords, October 2017, ACM (Association for Computing Machinery),
DOI: 10.1145/3171533.3171542.