The Persistence of Passwords and Evaluating Authentication Alternatives

  • Paul Van Oorschot | Carleton University

An overwhelming number of authentication technologies have been proposed to replace passwords over the past 20 years. The published claims of superiority of each are refuted by the continued dominance of text passwords for user authentication on the web. What explains this disconnect between researchers and the real world? The answer is many-fold, and includes not only problem definition – but also evaluation criteria, which we assert the security research community lacks consensus on, and only a small subset of which are considered in most research papers. Our exploration considers numerous examples from a broad spectrum of authentication schemes, and suggests a framework and methodology for comparative evaluation.

Speaker Details

Paul C. Van Oorschot is a Professor of Computer Science at Carleton University in Ottawa, where he is Canada Research Chair in Authentication and Computer Security. He is a Fellow of the Royal Society of Canada (FRSC), Canada’s national academy. He was Program Chair of USENIX Security 2008, Program co-Chair of NDSS 2001 and 2002, co-author of the Handbook of Applied Cryptography (2001), and is on the editorial board of IEEE TDSC, IEEE TIFS, and previously ACM TISSEC. He is the Scientific Director of NSERC ISSNet, a pan-Canadian strategic research network exploring computer and Internet security. His current research interests include authentication and identity management, security and usability, smartphone security, software security, and generally computer and Internet security

    • Portrait of Jeff Running

      Jeff Running

Series: Microsoft Research Talks