article

A Research Agenda Acknowledging the Persistence of Passwords

Authors:

Cormac Herley,

Paul van OorschotAuthors Info & Claims

IEEE Security and Privacy, Volume 10, Issue 1

Pages 28 - 36

Published: 01 January 2012 Publication History

Abstract

Despite countless attempts and near-universal desire to replace them, passwords are more widely used and firmly entrenched than ever. The authors' exploration leads them to argue that no silver bullet will meet all requirements—not only will passwords be with us for some time, but in many instances, they're the solution that best fits the scenario of use. Among broad authentication research directions to follow, they first suggest better means to concretely identify actual requirements (surprisingly overlooked to date) and weight their relative importance in target scenarios. Second, for scenarios where passwords appear to be the best-fit solution, they suggest designing better means to support them. The authors also highlight the need for more systematic research and how the premature conclusion that passwords are dead has led to the neglect of important research questions.

Cited By

View all

Xie ZShi FZhang MMa HWang HLi ZZhang Y(2024)GuessFuse: Hybrid Password Guessing With Multi-ViewIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337624619(4215-4230)Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3376246
Wang DZou YXiao YMa SChen XCalandrino JTroncoso C(2023)PASS2EDITProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620293(983-1000)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620293
Wang DZou YZhang ZXiu KCalandrino JTroncoso C(2023)Password guessing using random forestProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620292(965-982)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620292
Show More Cited By

Recommendations

System-Assigned Passwords: The Disadvantages of the Strict Password Management Policies

After Morris and Thompson wrote the first paper on password security in 1979, strict password policies have been enforced to make sure users follow the rules on passwords. Many such policies require users to select and use a system-generated password. The ...
Passwords: Stunning Notebook Journal for your Passwords, Usernames and URLs/ 5in. x 8in./ Sturdy softback glossy cover/ 50 white pages (Volume 1)
Passwords decay, words endure: secure and re-usable multiple password mnemonics
SAC '07: Proceedings of the 2007 ACM symposium on Applied computing

Research on password authentication systems has repeatedly shown that people choose weak passwords because of the difficulty of remembering random passwords. Moreover, users with multiple passwords for unrelated activities tend to choose almost similar ...

Comments

Information & Contributors

Information

Published In

IEEE Security and Privacy Volume 10, Issue 1

January 2012

91 pages

ISSN:1540-7993

Issue’s Table of Contents

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 January 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

66
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xie ZShi FZhang MMa HWang HLi ZZhang Y(2024)GuessFuse: Hybrid Password Guessing With Multi-ViewIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337624619(4215-4230)Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3376246
Wang DZou YXiao YMa SChen XCalandrino JTroncoso C(2023)PASS2EDITProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620293(983-1000)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620293
Wang DZou YZhang ZXiu KCalandrino JTroncoso C(2023)Password guessing using random forestProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620292(965-982)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620292
Shi HZhang WZhang ZDing D(2023)Vulnerability Analysis of Chinese Digital Passwords Related to ATM PIN Using Deep LearningIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.318850520:4(2825-2835)Online publication date: 1-Jul-2023
https://dl.acm.org/doi/10.1109/TDSC.2022.3188505
Markert PSchnitzler TGolla MDürmuth MChiasson SKapadia A(2022)"As soon as it's a risk, i want to require MFA"Proceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563635(483-501)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563635
Hielscher JKluge AMenges USasse M(2021)“Taking out the Trash”: Why Security Behavior Change requires Intentional ForgettingProceedings of the 2021 New Security Paradigms Workshop10.1145/3498891.3498902(108-122)Online publication date: 25-Oct-2021
https://dl.acm.org/doi/10.1145/3498891.3498902
Christmann MMayer PVolkamer M(2021)Vision: What Johnny learns about Password Security from Videos posted on YouTubeProceedings of the 2021 European Symposium on Usable Security10.1145/3481357.3481528(124-128)Online publication date: 11-Oct-2021
https://dl.acm.org/doi/10.1145/3481357.3481528
Katsini CRaptis GCen AGamagedara Arachchilage NNacke L(2021)Eye-GUAna: Higher Gaze-Based Entropy and Increased Password Space in Graphical User Authentication Through GamificationACM Symposium on Eye Tracking Research and Applications10.1145/3448018.3458615(1-7)Online publication date: 25-May-2021
https://dl.acm.org/doi/10.1145/3448018.3458615
Mathis FWilliamson JVaniea KKhamis M(2021)Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and PointingACM Transactions on Computer-Human Interaction10.1145/342812128:1(1-44)Online publication date: 20-Jan-2021
https://dl.acm.org/doi/10.1145/3428121
Alaca FAbdou Avan Oorschot P(2021)Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication SchemesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.290890718:2(534-549)Online publication date: 8-Mar-2021
https://dl.acm.org/doi/10.1109/TDSC.2019.2908907
Show More Cited By

Abstract

Cited By

Recommendations

System-Assigned Passwords: The Disadvantages of the Strict Password Management Policies

Passwords: Stunning Notebook Journal for your Passwords, Usernames and URLs/ 5in. x 8in./ Sturdy softback glossy cover/ 50 white pages (Volume 1)

Passwords decay, words endure: secure and re-usable multiple password mnemonics

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations