The problem is that passwords are a rubbish way of authenticating, and there has been a lot of work trying to deal with this. One of the problems is that if you have a shared secret scheme then you need a different secret for every pair of things. For every user they need a different secret per thing they are authenticating to. If they have several of devices then they need one set of these per device as well, so that if one of them is compromised then you don't lose everything. However revocation and key management are then difficult. The problem with passwords is that you still have to use them because lots of things require a password input, and it's hard to change that.
|Title of host publication||Security Protocols XXII|
|Subtitle of host publication||22nd International Workshop, Cambridge, UK, March 19-21, 2014, Revised Selected Papers|
|Editors||Bruce Christianson, James Malcolm, Vashek Matyáš, Petr Švenda, Frank Stajano, Jonathan Anderson|
|Place of Publication||Cham, Switzerland|
|Number of pages||8|
|Publication status||Published - 29 Oct 2014|
- key management