A Review of Password-less User Authentication Schemes

• URL: http://arxiv.org/abs/2312.02845v1
• Date: Tue, 5 Dec 2023 15:57:40 GMT
• Title: A Review of Password-less User Authentication Schemes
• Authors: Tunde Oduguwa, Abdullahi Arabo,
• Abstract summary: Review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004. We evaluate the truly password-less and practical schemes based on their impact on user experience, overall security, and ease of deployment.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience. This review examines password-less authentication schemes that have been proposed since after the death knell was placed on passwords in 2004. We start with a brief discussion of the requirements of authentication systems and then identify various password-less authentication proposals to date. We then evaluate the truly password-less and practical schemes using a framework that examines authentication credentials based on their impact on user experience, overall security, and ease of deployment. The findings of this review observe a difficulty in balancing security with a user experience compared to that of passwords in new password-less schemes, providing the opportunity for new applied research to leverage existing knowledge and combine technologies and techniques in innovative ways that can address this imbalance.

Related papers

• Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
  We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords. Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
  arXiv  Detail & Related papers  (2024-05-24T07:51:15Z)
• Systematic Solutions to Login and Authentication Security Problems: A Dual-Password Login-Authentication Mechanism [0.0]
  Credential theft and remote attacks are the most serious threats to user authentication mechanisms. We design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. The authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks.
  arXiv  Detail & Related papers  (2024-04-02T10:05:47Z)
• Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts [0.0]
  This paper presents a study on the account settings of Google and Apple users. Considering the multi-factor authentication configuration and recovery options, we analyzed the account security and lock-out risks. Our results provide insights into the usage of multi-factor authentication in practice, show significant security differences between Google and Apple accounts, and reveal that many users would miss access to their accounts when losing a single authentication device.
  arXiv  Detail & Related papers  (2024-03-22T10:05:37Z)
• A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
  We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. We develop a prototype of FIDO2CAP authentication in a mock scenario. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
  arXiv  Detail & Related papers  (2024-02-20T09:55:20Z)
• ROSTAM: A Passwordless Web Single Sign-on Solution Mitigating Server Breaches and Integrating Credential Manager and Federated Identity Systems [0.0]
  We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems. In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO. The security of web passwords on the credential manager is ensured with a Master Key, rather than a Master Password, so that encrypted passwords can remain secure even if stolen from the server.
  arXiv  Detail & Related papers  (2023-10-08T16:41:04Z)
• PassViz: A Visualisation System for Analysing Leaked Passwords [2.2530496464901106]
  PassViz is a command-line tool for visualising and analysing leaked passwords in a 2-D space. We show how PassViz can be used to visually analyse different aspects of leaked passwords and to facilitate the discovery of previously unknown password patterns.
  arXiv  Detail & Related papers  (2023-09-22T16:06:26Z)
• PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
  We present PassGPT, a large language model trained on password leaks for password generation. We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
  arXiv  Detail & Related papers  (2023-06-02T13:49:53Z)
• Secure access system using signature verification over tablet PC [62.21072852729544]
  We describe a highly versatile and scalable prototype for Web-based secure access using signature verification. The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
  arXiv  Detail & Related papers  (2023-01-11T11:05:47Z)
• Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
  The choice of password composition policy to enforce on a password-protected system represents a critical security decision. In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone. We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
  arXiv  Detail & Related papers  (2020-07-07T22:12:13Z)
• Lost in Disclosure: On The Inference of Password Composition Policies [43.17794589897313]
  We study how password composition policies influence the distribution of user-chosen passwords on a system. We suggest a simple approach that produces more reliable results. We present pol-infer, a tool that implements this approach, and demonstrates its use inferring password composition policies.
  arXiv  Detail & Related papers  (2020-03-12T15:27:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.