Association for Computing Machinery
Passwords are the only ubiquitous form of authentication currently available on the web. Unfortunately, passwords are insecure. In this paper the authors therefore propose the use of strong cryptography, relying on the fact that users increasingly own a smartphone that can perform the required cryptographic operations on their behalf. This is not as trivial as it sounds. Services will not migrate to new forms of authentication if few users have the means to use them. Similarly, users will not acquire the means if few services accept them. Moreover, enabling one's smartphone to seamlessly sign in at a website when browsing on an arbitrary PC is non-trivial.