Better Authentication: Password Revolution by Evolution
- Cite this paper as:
- Thomas D.R., Beresford A.R. (2014) Better Authentication: Password Revolution by Evolution. In: Christianson B., Malcolm J., Matyáš V., Švenda P., Stajano F., Anderson J. (eds) Security Protocols XXII. Security Protocols 2014. Lecture Notes in Computer Science, vol 8809. Springer, Cham
We explore the extent to which we can address three issues with passwords today: the weakness of user-chosen passwords, reuse of passwords across security domains, and the revocation of credentials. We do so while restricting ourselves to changing the password verification function on the server, introducing the use of existing key-servers, and providing users with a password management tool. Our aim is to improve the security and revocation of authentication actions with devices and end-points, while minimising changes which reduce ease of use and ease of deployment. We achieve this using one time tokens derived using public-key cryptography and propose two protocols for use with and without an online rendezvous point.