Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers
Date: December 2014 Publication: The 8th International Conference on Passwords (Passwords14) / Lecture Notes in Computer Science Volume 9393 Page(s): 61 - 73 Publisher: Springer Source 1: http://www.mypico.org/documents/2014-StaSpeJen-pmf.pdf Source 2: http://pico.cl.cam.ac.uk/documents/2014-StaSpeJen-pmf.pdf Source 3: http://dx.doi.org/10.1007/978-3-319-24192-0_4 - Subscription or payment required Abstract or Summary:
Subtle and sometimes baffling variations in the implementation of password-based authentication are widespread on the web. Despite being imperceptible to end users, such variations often require that password managers implement complex heuristics in order to act on the user’s behalf. These heuristics are inherently brittle. As a result, password managers are unnecessarily complex and yet they still occasionally fail to work properly on some websites. In this paper we propose PMF, a specification of simple semantic labels for password-related web forms. These semantic labels allow a software agent such as a password manager to extract meaning, such as which site the login form is for and what field in the form corresponds to the username. Our spec also allows the agent to generate a strong password on the user’s behalf. PMF reduces a password manager’s dependency on complex heuristics, making its operation more effective and dependable and bringing usability and security advantages to users and website operators. PasswordResearch.com Note: Link to project page: http://pmfriendly.org Video of presentation: https://video.adm.ntnu.no/pres/549930a071c7d
Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |