Issue No.01 - Jan.-Feb. (2013 vol.11)
Eric Grosse , Google
Mayank Upadhyay , Google
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.162
Like many in the industry, the authors believe passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe. Google employs a base level of sophisticated server-side technologies, such as SSL and risk analysis, to protect users with plain old passwords; however, it's also investing in client-side technologies, such as strong authentication with two-step verification using one-time passwords and public-key-based technology, for stronger user and device identification. It's championing various approaches to access delegation, both in its applications and with third parties, so that end user credentials aren't passed around insecurely.
Authentication, Servers, Privacy, Electronic mail, Computer security, Access control, Passwords, delegation, authentication, passwords, second factor, OAuth
Eric Grosse, Mayank Upadhyay, "Authentication at Scale", IEEE Security & Privacy, vol.11, no. 1, pp. 15-22, Jan.-Feb. 2013, doi:10.1109/MSP.2012.162