Web Password Recovery: A Necessary Evil?
Date: November 13 2018
Publication: Proceedings of the Future Technology Conference (FTC) 2018
Page(s): 324 - 341
Publisher: Springer-Verlag
Source 1: https://arxiv.org/abs/1801.06730
Source 2: https://pure.royalholloway.ac.uk/portal/files/30167272/Web_password_recovery_a_necessary_evil.pdf
Source 3: https://dx.doi.org/10.1007/978-3-030-02683-7_23 - Subscription or payment required
Abstract or Summary:
Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user authentication. This paper provides a framework within which such systems can be analysed systematically, and uses this to help gain a better understanding of how such systems are best implemented. To this end, a model for web password recovery is given, and existing techniques are documented and analysed within the context of this model. This leads naturally to a set of recommendations governing how such systems should be implemented to maximise security. A range of issues for further research are also highlighted.