Passwords, despite being the primary means for users to authenticate on the Web or to a computing device, are marred with several usability and security problems: users nowadays have too many accounts and passwords to remember; typing pass- words correctly can be cumbersome, particularly on touch screen devices. As a result, users often pick simple, easy-to-remember, and easy-to-type passwords and reuse them across different websites. Simple passwords, unfortunately, are also easy-to-guess. Reused passwords can put all of a user’s accounts at risk if any of them are compromised. In this dissertation, I show how to improve the state of passwords and password- based authentication (PBA) systems by incorporating knowledge of real-world passwor...
To date, system research has focused on designing security mechanisms to protect systems access alth...
This paper is part of a graduate course titled ???Cryptography and Secure Communications??? from the...
peer reviewedWe discuss a password-based authentication protocol that we argue to be robust against...
Password has been the dominant authentication scheme for more than 30 years, and it will not be easi...
The need for both usable and secure authentication is more pronounced than ever before. Security res...
213 pagesTargeted attacks using breached credentials exploit the fact that users reuse some semantic...
Passwords have been dominating user authentication for more than half a century, and many researcher...
Passwords are our primary form of authentication. Yet passwords are a major vulnerability for compu...
The average user has between 90-130 online accounts, and around $3 \times 10^{11}$ passwords are in ...
Violations of published strictures on password use have led to widespread unauthorized access to com...
User accounts at Internet services contain a multitude of personal data such as messages, documents,...
The most common mechanism for online authenti- cation is the username-password. Majority of e- comme...
The need for both usable and secure authentication is more pronounced than ever before. Security res...
Despite decades of research into developing abstract security advice and improving interfaces, users...
Password-based authentication is perhaps the most widely used method for user authentication. Passwo...
To date, system research has focused on designing security mechanisms to protect systems access alth...
This paper is part of a graduate course titled ???Cryptography and Secure Communications??? from the...
peer reviewedWe discuss a password-based authentication protocol that we argue to be robust against...
Password has been the dominant authentication scheme for more than 30 years, and it will not be easi...
The need for both usable and secure authentication is more pronounced than ever before. Security res...
213 pagesTargeted attacks using breached credentials exploit the fact that users reuse some semantic...
Passwords have been dominating user authentication for more than half a century, and many researcher...
Passwords are our primary form of authentication. Yet passwords are a major vulnerability for compu...
The average user has between 90-130 online accounts, and around $3 \times 10^{11}$ passwords are in ...
Violations of published strictures on password use have led to widespread unauthorized access to com...
User accounts at Internet services contain a multitude of personal data such as messages, documents,...
The most common mechanism for online authenti- cation is the username-password. Majority of e- comme...
The need for both usable and secure authentication is more pronounced than ever before. Security res...
Despite decades of research into developing abstract security advice and improving interfaces, users...
Password-based authentication is perhaps the most widely used method for user authentication. Passwo...
To date, system research has focused on designing security mechanisms to protect systems access alth...
This paper is part of a graduate course titled ???Cryptography and Secure Communications??? from the...
peer reviewedWe discuss a password-based authentication protocol that we argue to be robust against...