Web Password Recovery : A Necessary Evil?
Date: November 13 2018
Publication: Proceedings of the Future Technology Conference (FTC) 2018
Page(s): 324 - 341
Source 1: https://arxiv.org/abs/1801.06730
Source 2: https://pure.royalholloway.ac.uk/portal/files/30167272/Web_password_recovery_a_necessary_evil.pdf
Source 3: https://dx.doi.org/10.1007/978-3-030-02683-7_23 - Subscription or payment required
Abstract or Summary:
Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user authentication. This paper provides a framework within which such systems can be analysed systematically, and uses this to help gain a better understanding of how such systems are best implemented. To this end, a model for web password recovery is given, and existing techniques are documented and analysed within the context of this model. This leads naturally to a set of recommendations governing how such systems should be implemented to maximise security. A range of issues for further research are also highlighted.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.