Better authentication: Password revolution by evolution

Abstract

We explore the extent to which we can address three issues with passwords today: the weakness of user-chosen passwords, reuse of passwords across security domains, and the revocation of credentials.We do so while restricting ourselves to changing the password verification function on the server, introducing the use of existing key-servers, and providing users with a password management tool. Our aim is to improve the security and revocation of authentication actions with devices and end-points, while minimising changes which reduce ease of use and ease of deployment.We achieve this using one time tokens derived using public- key cryptography and propose two protocols for use with and without an online rendezvous point.

Publication
Security Protocols XXII