Issue No. 01 - January/February (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.150
Cormac Herley , Microsoft Research
Paul van Oorschot , Carleton University
Despite countless attempts and near-universal desire to replace them, passwords are more widely used and firmly entrenched than ever. The authors' exploration leads them to argue that no silver bullet will meet all requirements—not only will passwords be with us for some time, but in many instances, they're the solution that best fits the scenario of use. Among broad authentication research directions to follow, they first suggest better means to concretely identify actual requirements (surprisingly overlooked to date) and weight their relative importance in target scenarios. Second, for scenarios where passwords appear to be the best-fit solution, they suggest designing better means to support them. The authors also highlight the need for more systematic research and how the premature conclusion that passwords are dead has led to the neglect of important research questions.
passwords, authentication alternatives, evaluation, systematic research, competing requirements, supporting tools
Cormac Herley, Paul van Oorschot, "A Research Agenda Acknowledging the Persistence of Passwords", IEEE Security & Privacy, vol. 10, no. , pp. 28-36, January/February 2012, doi:10.1109/MSP.2011.150