Better authentication: Password revolution by evolution

Daniel R. Thomas, Alastair R. Beresford

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

2 Citations (Scopus)

Abstract

We explore the extent to which we can address three issues with passwords today: the weakness of user-chosen passwords, reuse of passwords across security domains, and the revocation of credentials. We do so while restricting ourselves to changing the password verification function on the server, introducing the use of existing key-servers, and providing users with a password management tool. Our aim is to improve the security and revocation of authentication actions with devices and end-points, while minimising changes which reduce ease of use and ease of deployment. We achieve this using one time tokens derived using public-key cryptography and propose two protocols for use with and without an online rendezvous point.
Original languageEnglish
Title of host publicationSecurity Protocols XXII
EditorsBruce Christianson, James Malcolm, Vashek Matyáš, Petr Švenda, Frank Stajano, Jonathan Anderson
Place of PublicationCham
PublisherSpringer
Pages130-145
Number of pages15
ISBN (Print)9783319124001
DOIs
Publication statusPublished - 29 Oct 2014
EventSecurity Protocols XXII : Cambridge International Workshop on Security Protocols 2014 - Cambridge, United Kingdom
Duration: 19 Mar 201421 Mar 2014

Publication series

NameLNCS
Volume8809

Conference

ConferenceSecurity Protocols XXII : Cambridge International Workshop on Security Protocols 2014
CountryUnited Kingdom
CityCambridge
Period19/03/1421/03/14

Keywords

  • authentication
  • public-key cryptography
  • passwords
  • one time token

Fingerprint Dive into the research topics of 'Better authentication: Password revolution by evolution'. Together they form a unique fingerprint.

Cite this