Cited By
View all- Pöhn DGruschka NZiegler LBüttner A(2023)A framework for analyzing authentication risks in account networksComputers and Security10.1016/j.cose.2023.103515135:COnline publication date: 1-Dec-2023
Putting the Passe Into Passwords: How Passwordless Technologies Are Reshaping Digital Identity
Abstract
Despite significant flaws, passwords persist as the predominant method to authenticate digital identity. Looks at alternatives to password authentication and explores where password use is headed in the future to ensure privacy and security.
References
[1]
“New report finds 300 billion passwords will be at risk by 2020,” Cybercrime Magazine, Jan. 31, 2017. [Online]. Available: https://cybersecurityventures.com/300-billion-passwords/
[2]
“Millions using 123456 as password, security study finds,” BBC News: Technology, Apr. 21, 2019. [Online]. Available: https://www.bbc.com/news/technology-47974583
[3]
A. Steel, “Passwords are still a problem according to the 2019 Verizon Data Breach Investigations Report,” LastPass, May 21, 2019. [Online]. Available: https://blog.lastpass.com/2019/05/passwords-still-problem-according-2019-verizon-data-breach-investigations-report.html/
[4]
B. Hitaj, P. Gasti, G. Ateniese, and F. Perez-Cruz, PassGAN: A deep learning approach for password guessing. 2017. [Online]. Available:
[5]
“Pass the ticket (ID: T1097),” Mitre ATT&CK, 2017. [Online]. Available: https://attack.mitre.org/techniques/T1097/
[6]
“NIST study shows computerized fingerprint matching is highly accurate,” NIST News, July 6, 2004. [Online]. Available: https://www.nist.gov/news-events/news/2004/07/nist-study-shows-computerized-fingerprint-matching-highly-accurate
[7]
M. Besley, “Biometrics: A guide,” Government Office for Science, London, 2018. [Online]. Available: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715925/biometrics_final.pdf
[8]
K. Lyons, “FTC says tech behind audio deepfakes is getting better,” Verge, Jan. 2020. [Online]. Available: https://www.theverge.com/2020/1/29/21080553/ftc-deepfakes-audio-cloning-joe-rogan-phone-scams
[9]
A. Turgeman, “Machine learning and behavioral biometrics: A match made in heaven,” Forbes, Jan. 18, 2018. [Online]. Available: https://www.forbes.com/sites/forbestechcouncil/2018/01/18/machine-learning-and-behavioral-biometrics-a-match-made-in-heaven/#23abd2983306
[10]
G. Omale, “Eliminate centrally managed passwords for better security, fewer breaches, lower support costs and enhanced user experience,” Gartner, Stamford, CT, Mar. 6, 2019. [Online]. Available: https://www.gartner.com/smarterwithgartner/embrace-a-passwordless-approach-to-improve-security/
[11]
Z. Doffman, “FBI issues surprise new cyber attack warning: Multi-factor authentication is being defeated,” Forbes, Oct. 7, 2019. [Online]. Available: https://www.forbes.com/sites/zakdoffman/2019/10/07/fbi-issues-surprise-cyber-attack-warningurges-new-precautions/#4c1351157efb
[12]
W. E. Burr et al., Electronic Authentication Guideline (NIST Special Publication 800-63-2). Reston, VA: U.S. Dept. of Commerce, 2013.
[13]
“The passwordless future report,” Okta, San Francisco, 2019. [Online]. Available: https://www.okta.com/passwordlessfuture/thank-you/
[14]
“Guidance: GOV.U.K. Verify,” U.K. Government, Mar. 25, 2020. [Online]. Available: https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify
[15]
“Client to authenticator protocol (CTAP),” FIDO Alliance, Wakefield, MA, Feb. 27, 2018. [Online]. Available: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html
[16]
“National eIDs of six countries available for the EU citizens to use cross-border,” Shaping Europe’s Digital Future, Nov. 7, 2019. [Online]. Available: https://ec.europa.eu/digital-single-market/en/news/national-eids-six-countries-available-eu-citizens-use-cross-border
[17]
“Human versus machine: Which provides the highest assurance levels?,” Raconteur, London, May 5, 2020. [Online]. Available: https://www.raconteur.net/sponsored/human-versus-machine-which-provides-the-highest-assurance-levels
[18]
S. Cowley, “Banks and retailers are tracking how you type, swipe and tap,” NY Times, Aug. 13, 2018. [Online]. Available: https://www.nytimes.com/2018/08/13/business/behavioral-biometrics-banks-security.html
[19]
M. Samuels, “Photo-based pixie 2FA system takes authentication to a new dimension,” Security Intelligence, Oct. 31, 2017. [Online]. Available: https://securityintelligence.com/news/photo-based-pixie-2fa-system-takes-authentication-to-a-new-dimension/
[20]
D. Gisolfi, “Decentralized identity: An alternative to password-based authentication,” IBM Blockchain Blog, Oct. 5, 2018. [Online]. Available: https://www.ibm.com/blogs/blockchain/2018/10/decentralized-identity-an-alternative-to-password-based-authentication/
[21]
EOSIO, “A passwordless future: Building towards more secure and usable authentication systems,” Medium, Apr. 16, 2019. [Online]. Available: https://medium.com/eosio/a-passwordless-future-building-towards-more-secure-and-usable-authentication-systems-e188f07e4b87
[22]
L. Columbus, “Passwords are the weakest defense in a zero trust world,” Forbes, July 14, 2019. [Online]. Available: https://www.forbes.com/sites/louiscolumbus/2019/07/14/passwords-are-the-weakest-defense-in-a-zero-trust-world/#63bbca365218
[23]
S. Dolev, “The quantum meltdown of encryption,” TechCrunch, Bay Area, CA, July 22, 2018. [Online]. Available: https://techcrunch.com/2018/07/22/the-quantum-meltdown-of-encryption/
[24]
“Get instantaneous behavioral analytics and anomaly detection,” Microsoft, Corp., Redmond, WA, 2020.
[25]
R. Lemos, “Single sign-on still open to attack: An inside look,” TechBeacon, Aug. 7, 2019. [Online]. Available: https://techbeacon.com/security/single-sign-still-open-attack-inside-look
Index Terms
- Putting the Passe Into Passwords: How Passwordless Technologies Are Reshaping Digital Identity
Index terms have been assigned to the content through auto-classification.
Recommendations
Comments
Information & Contributors
Information
Published In
Copyright © 2020.
Publisher
IEEE Computer Society Press
Washington, DC, United States
Publication History
Published: 01 August 2020
Qualifiers
- Discussion
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 16 Oct 2024
Other Metrics
Citations
Cited By
View all- Pöhn DGruschka NZiegler LBüttner A(2023)A framework for analyzing authentication risks in account networksComputers and Security10.1016/j.cose.2023.103515135:COnline publication date: 1-Dec-2023
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in