Authentication at Scale

Eric Grosse; Mayank Upadhyay

doi:10.1109/MSP.2012.162

Security&Privacy
2013
Issue No. 1 - Jan.-Feb.
Abstract - Authentication at Scale

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Eric Grosse Articles by Mayank Upadhyay

Authentication at Scale

Jan.-Feb. 2013 (vol. 11 no. 1)

pp. 15-22

	ASCII Text	x
	Eric Grosse, Mayank Upadhyay, "Authentication at Scale," IEEE Security & Privacy, vol. 11, no. 1, pp. 15-22, Jan.-Feb., 2013.

	BibTex	x
	@article{ 10.1109/MSP.2012.162, author = {Eric Grosse and Mayank Upadhyay}, title = {Authentication at Scale}, journal ={IEEE Security & Privacy}, volume = {11}, number = {1}, issn = {1540-7993}, year = {2013}, pages = {15-22}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2012.162}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Authentication at Scale IS - 1 SN - 1540-7993 SP15 EP22 EPD - 15-22 A1 - Eric Grosse, A1 - Mayank Upadhyay, PY - 2013 KW - Authentication KW - Servers KW - Privacy KW - Electronic mail KW - Computer security KW - Access control KW - Passwords KW - delegation KW - authentication KW - passwords KW - second factor KW - OAuth VL - 11 JA - IEEE Security & Privacy ER -

Eric Grosse, Google

Mayank Upadhyay, Google

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.162

Like many in the industry, the authors believe passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe. Google employs a base level of sophisticated server-side technologies, such as SSL and risk analysis, to protect users with plain old passwords; however, it's also investing in client-side technologies, such as strong authentication with two-step verification using one-time passwords and public-key-based technology, for stronger user and device identification. It's championing various approaches to access delegation, both in its applications and with third parties, so that end user credentials aren't passed around insecurely.

Index Terms:

Authentication,Servers,Privacy,Electronic mail,Computer security,Access control,Passwords,delegation,authentication,passwords,second factor,OAuth

Citation:

Eric Grosse, Mayank Upadhyay, "Authentication at Scale," IEEE Security & Privacy, vol. 11, no. 1, pp. 15-22, Jan.-Feb. 2013, doi:10.1109/MSP.2012.162

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.