The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

Bonneau, Joseph; Herley, Cormac; Oorschot, Paul C. van; Stajano, Frank

doi:10.1109/sp.2012.44

articleMay 1, 2012GREEN OA

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

JBJoseph Bonneau CHCormac Herley PCPaul C. van Oorschot FSFrank Stajano

University of Cambridge · Microsoft (United States) · +1 more institution

Indexed incrossrefdatacite

Abstract

We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords…

Citation impact

1,042

total citations

FWCI: 172.67
Percentile: 100%
References: 103

Citations per year

Authors

4

Topics & keywords

Topics

Keywords

Password
Computer science
Computer security
Usability
Authentication (law)
Login
Password policy
Cognitive password

No related works found for this paper.