Better Authentication: Password Revolution by Evolution

Conference paper

DOI: 10.1007/978-3-319-12400-1_13

Volume 8809 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Thomas D.R., Beresford A.R. (2014) Better Authentication: Password Revolution by Evolution. In: Christianson B., Malcolm J., Matyáš V., Švenda P., Stajano F., Anderson J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science, vol 8809. Springer, Cham

Abstract

We explore the extent to which we can address three issues with passwords today: the weakness of user-chosen passwords, reuse of passwords across security domains, and the revocation of credentials. We do so while restricting ourselves to changing the password verification function on the server, introducing the use of existing key-servers, and providing users with a password management tool. Our aim is to improve the security and revocation of authentication actions with devices and end-points, while minimising changes which reduce ease of use and ease of deployment. We achieve this using one time tokens derived using public-key cryptography and propose two protocols for use with and without an online rendezvous point.

Keywords

Authentication; Public-key cryptography; Passwords; One time token

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Computer Laboratory, University of Cambridge, Cambridge, UK