MétaCan
Menu
← all works

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

2012· article· en· 1,052 citations· W2030112111 on OpenAlex· 10.1109/sp.2012.44

Why is this work in the frame?

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

Canadian affiliationAn author listed a Canadian institution. This is the only route the usual frame has.
Canadian funderA Canadian agency funded it. The work may carry no Canadian affiliation at all.

Full frame distilled prediction

Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

Candidate categories
none
Consensus categories
none
Domain
Candidate signal: noneConsensus signal: none
Study design
Candidate signal: Theoretical or conceptualConsensus signal: none
Genre
Candidate signal: EmpiricalConsensus signal: none
Teacher disagreement score
0.900
Threshold uncertainty score
0.224
Validation status
machine_predicted_unvalidated · codex-gemma-dda1882f352a

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0030.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.000
Open science0.0010.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Opus teacher head0.116
GPT teacher head0.402
Teacher spread
0.286 · how far apart the two teachers sit on this one work
Validation status
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Abstract

We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

The record

Venue
Topic
User Authentication and Security Systems
Field
Computer Science
Canadian institutions
Carleton University
Funders
Gates Cambridge TrustNatural Sciences and Engineering Research Council of CanadaCanada Research Chairs
Keywords
PasswordComputer scienceComputer securityUsabilityAuthentication (law)LoginPassword policyCognitive passwordWeb applicationWorld Wide WebOne-time passwordHuman–computer interaction
Has abstract in OpenAlex
yes