
5.1 Introduction
from The Blue Book
5 Authentication - Beyond Passwords
Nowadays, the growing use of cyberspace requires each person to hold several accounts in order to reach the systems and web applications needed for everyday activities. One of the oldest protection mechanisms of such systems is authentication, in which the user is asked to prove his/her identity before being granted access. The most common authentication method is the so-called username-password method: the user provides the username and the password chosen during account creation (registration). Although it is one of the oldest authentication methods, it is still used by almost every system and application, both online and offline. For instance, a doctor relies on a username and password both to access her account in the hospital's systems and to log in to an online shop. During the past few years the number of accounts each user maintains has greatly increased; consequently, users find it difficult to memorize and manage all of these passwords. A recent study by NordPass showed that an average person has 100 different passwords to remember, a problem known as password overload [199].

Moreover, the username-password paradigm is exposed to a range of attacks: recovering a password from its leaked hash by brute force (password cracking), capturing a password transmitted over an untrusted channel (eavesdropping), tricking a user into entering his/her password on an untrusted or compromised endpoint (phishing websites, ATM skimmers), and leaving default passwords in place for adversaries to use [28] [174] [8] [83].
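The first of these attacks, cracking a leaked hash, is worth seeing concretely. The following Python script is an added example and is not code from The Blue Book. It constructs a small "leak" of credentials (the user names, passwords and wordlist are made up for illustration) and runs a dictionary attack against two storage schemes: unsalted SHA-256, where one precomputed table serves every account in every leak, and salted, iterated PBKDF2, where each account forces a separate pass over the wordlist and each guess costs many hash calls. PBKDF2 is used only because it ships in the standard library; a dedicated password hash such as Argon2, scrypt or bcrypt is the usual production choice.

```python
"""Dictionary attack on a constructed credential leak: unsalted vs. salted hashes.

Added example, not from The Blue Book. All names, passwords, salts and the
wordlist are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed attacker wordlist (real cracking runs use millions of entries).
WORDLIST = ["password", "123456", "qwerty", "letmein", "Summer2023", "hunter2"]

# Deliberately reduced for a quick demo; OWASP recommends far more for PBKDF2-SHA256.
PBKDF2_ITERATIONS = 100_000


def sha256_hex(password: str) -> str:
    """Naive, unsalted storage: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted, iterated storage; the salt is stored in the clear next to the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": dk.hex(), "iters": PBKDF2_ITERATIONS}


def verify_pbkdf2(record: dict, password: str) -> bool:
    """Recompute PBKDF2 with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iters"])
    return hmac.compare_digest(dk.hex(), record["hash"])


# Constructed "leaked" database. carol's passphrase is not in the wordlist.
LEAKED_UNSALTED: Dict[str, str] = {
    "alice": sha256_hex("123456"),
    "bob": sha256_hex("letmein"),
    "carol": sha256_hex("correct horse battery staple"),
}
LEAKED_SALTED: Dict[str, dict] = {
    "alice": pbkdf2_record("123456"),
    "bob": pbkdf2_record("letmein"),
    "carol": pbkdf2_record("correct horse battery staple"),
}


def crack_unsalted(leak: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Dictionary attack on unsalted hashes.

    One hash per wordlist entry is computed once and reused for every account
    (and every future leak that uses the same scheme): a lookup table.
    """
    table = {sha256_hex(w): w for w in wordlist}
    return {user: table.get(h) for user, h in leak.items()}


def crack_salted(leak: Dict[str, dict], wordlist: Iterable[str]) -> Tuple[Dict[str, Optional[str]], int]:
    """Same attack on salted, iterated hashes.

    No shared table is possible: every account needs its own pass over the
    wordlist, and every guess costs PBKDF2_ITERATIONS hash invocations.
    Returns (cracked passwords, number of PBKDF2 evaluations spent).
    """
    words = list(wordlist)
    found: Dict[str, Optional[str]] = {}
    evaluations = 0
    for user, rec in leak.items():
        found[user] = None
        for w in words:
            evaluations += 1
            if verify_pbkdf2(rec, w):
                found[user] = w
                break
    return found, evaluations


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    cracked, work = crack_salted(LEAKED_SALTED, WORDLIST)
    print("salted:  ", cracked, f"({work} PBKDF2 evaluations, "
          f"{work * PBKDF2_ITERATIONS:,} hash calls)")
```

Note that salting and iteration only multiply the attacker's cost; both schemes give up alice's and bob's weak passwords, and only the passphrase that is absent from the wordlist survives. That is the reason the rest of this chapter looks beyond the password itself rather than only at how it is stored.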