Web Password Recovery: A Necessary Evil?
Authors: Fatma Al Maqbali, Chris J. Mitchell

Date: November 13 2018
Publication: Proceedings of the Future Technology Conference (FTC) 2018
Page(s): 324 - 341
Publisher: Springer-Verlag
Source 1: https://arxiv.org/abs/1801.06730
Source 2: https://pure.royalholloway.ac.uk/portal/files/30167272/Web_password_recovery_a_necessary_evil.pdf
Source 3: https://dx.doi.org/10.1007/978-3-030-02683-7_23 - Subscription or payment required

Abstract or Summary:
Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user authentication. This paper provides a framework within which such systems can be analysed systematically, and uses this to help gain a better understanding of how such systems are best implemented. To this end, a model for web password recovery is given, and existing techniques are documented and analysed within the context of this model. This leads naturally to a set of recommendations governing how such systems should be implemented to maximise security. A range of issues for further research are also highlighted.

