This qualitative analysis illustrates the authors’ proposed protocols for a password authentication system requiring the user to remember only one login and password. Their protocols would allow access to either a cloud server or mobile device to handle all authentication needs. They analyze how the protocols would be resistant to online dictionary attacks, phishing schemes, cross-site impersonation, and honeypot attacks. They acknowledge that in order to implement their protocols they would need support from large organizations like Microsoft or Google, but they feel confident the code implementation …
The authors review the history of password authentication, looking at the origins of many of the password rules. They identify two modes of thinking about passwords that they deem outdated. One is the model in which a user creates passwords independently and uniformly from a set of passwords. The other is the model in which hackers attempt security breaches via offline attacks. They argue that these outdated models have caused an overemphasis on particular user behaviors that really are not that dangerous. This is a very well-written, common-sense report. It acknowledges that no matter how much they are disdained, nothing beats the password in terms of usability and ease of implementation. It also attacks many of the rules of password management and demonstrates how they are not effective. It actually does advocate password reuse (a rare occurrence) but limits the advice. It only states that passwords should not be reused for “important” accounts, but other than that it is OK. The advice is good, but not substantial enough. Still, it is a great article showing that a practical meeting of security concerns and user abilities is …
It is a quantitative approach that takes 62 undergraduate students studying business and determines their behavior when faced with password composition rules. There were 27 in the control group and 35 in the study group. The rules were quite ordinary: passwords should be eight characters long, not contain personal information, and not be blank or “password”. They also should contain three of the following four characteristics: uppercase characters, lowercase characters, numbers, and non-alphanumeric characters. The study found the rules did not reduce the incorporation rate of meaningful information, but that they did reduce the amount of password reuse. However, participants in the study group felt they would have difficulty remembering their password after as little time as one