Abstract
User authentication is a fundamental aspect of security, and a standard requirement on many of the devices and services that people use on a daily basis. However, while a variety of associated technologies exist, none has yet been found to offer the ideal solution for all contexts. This paper examines the authentication landscape, considering passwords and other popular secret knowledge approaches, as well as the alternatives that go beyond this in terms of tokens and biometrics. In all cases, there is a balance to be struck between the security provided and the usability (or tolerability) of the resulting approach, and the discussion also proceeds to examine how further research can support this via non-intrusive authentication solutions operating on both single systems and across multiple devices. While there remains no technique that will perfectly serve all contexts, there is now a richer and more varied choice from which to deliver practical solutions for the user.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Furnell, S.M. (2015). From Passwords to Biometrics: In Pursuit of a Panacea. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_1
DOI: https://doi.org/10.1007/978-3-319-27668-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27667-0
Online ISBN: 978-3-319-27668-7
eBook Packages: Computer Science, Computer Science (R0)