Communications of the ACM
Microsoft Researcher: Passwords Aren't Dead But They Need Fixing
Advice on creating stronger passwords is easily given, but does not address the harms that users actually face, says Microsoft Research's Cormac Herley.
Credit: CRISSP, NYU-Poly
Password use needs an overhaul that is driven by understanding the damage that can be done when password security is compromised, says Microsoft researcher Cormac Herley. He notes that although there are several methods for beating passwords, including keystroke logging, brute-force attacks, phishing, and session hijacking, it is not known exactly how often each type of attack is used, which is data that needs to be analyzed before password systems can be fixed.
In addition, Herley says researchers need to quantify the harm that password compromise causes and differentiate between the worst case and the average case. Security experts also need to offer better user support for passwords so password use is more secure.
Passwords could be more effective if researchers identify when passwords are ineffective and create a method for evaluating alternative systems, Herley says. "No single alternative technology is likely to possess the combination of security, usability, and economic features that meets all goals in all situations," he says.
From Network World
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found