The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

The authors evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deploy ability and security benefits that an ideal scheme might provide. The scope of proposals they survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Their comprehensive approach leads to key insights about the difficulty of replacing passwords.

Resource Details

Provided by:
University of California, Santa Cruz