The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - Jan.-Feb. (2013 vol.11)
pp: 15-22
Eric Grosse , Google
ABSTRACT
Like many in the industry, the authors believe passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe. Google employs a base level of sophisticated server-side technologies, such as SSL and risk analysis, to protect users with plain old passwords; however, it's also investing in client-side technologies, such as strong authentication with two-step verification using one-time passwords and public-key-based technology, for stronger user and device identification. It's championing various approaches to access delegation, both in its applications and with third parties, so that end user credentials aren't passed around insecurely.
INDEX TERMS
Authentication, Servers, Privacy, Electronic mail, Computer security, Access control, Passwords, delegation, authentication, passwords, second factor, OAuth
CITATION
Eric Grosse, Mayank Upadhyay, "Authentication at Scale", IEEE Security & Privacy, vol.11, no. 1, pp. 15-22, Jan.-Feb. 2013, doi:10.1109/MSP.2012.162
REFERENCES
1. J. Fallows, “Hacked!,” The Atlantic, Nov. 2011; www.theatlantic.com/magazine/archive/2011/ 11/hacked308673.
2. “Tennessee Man Convicted of Illegally Accessing Sarah Palin's E-mail Account and Obstruction of Justice,” Dept. Justice, 30 Apr. 2010; www.justice.gov/opa/pr/2010/April10-crm-509.html .
3. M. Honan, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Wired, 6 Aug. 2012; www.wired.com/gadgetlab/2012/08apple-amazon-mat-honan-hacking .
4. K. Bhargavan and A. Delignat-Lavaud, “Web-Based Attacks on Host-Proof Encrypted Storage,” Workshop Offensive Technologies (WOOT 12), Usenix, 2012; http://moscova.inria.fr/~karthik/pubshost_proof_woot12.pdf .
5. F. Pesce, “Lessons Learned from Cracking 2 Million LinkedIn Passwords,” Qualys Security Labs, 8 June 2012; https://community.qualys.com/blogs/securitylabs/ 2012/06/08lessons-learned-from-cracking-2-million-linkedin-passwords .
6. K. Stevens and D. Jackson, “Zeus Banking Trojan Report,” Dell SecureWorks, 11 Mar. 2010; www.secureworks.com/research/threatszeus .
7. “Ensuring Your Information Is Safe Online,” Google Official Blog, 1 June 2011; http://googleblog.blogspot.com/2011/06ensuring-your-information-is-safe.html .
8. J. Fallows, “Gmail's 2-Step Verifications: Some FAQs,” The Atlantic, 9 Aug. 2012; www.theatlantic.com/technology/archive/2012/ 08/gmails-2-step-verification-some-faqs 260934.
9. M. Dietz et al., “Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web,” Usenix Security Symp., Usenix, 2012; https://www.usenix.org/conference/usenixsecurity12 origin-bound-certificates-fresh-approach-strong-client-authentication .
10. B. Laurie, A. Langley, and E. Kasper, “Certificate Transparency,” Internet Engineering Task Force, 29 Nov. 2012; http://tools.ietf.org/htmldraft-laurie-pki-sunlight .
11. D. Hardt, “The OAuth 2.0 Authorization Framework,” Internet Engineering Task Force, 31 July 2012; http://tools.ietf.org/htmldraft-ietf-oauth-v2 .
17 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool