Despite advances in authentication schemes, text-based authentication (e.g., textual passwords or personal identification numbers, PINs) is perhaps still the most common form of user authentication. However, text-based schemes suffer from several well-documented security issues caused by users' poor choices or by design inefficiencies influenced by the limited capabilities of human users. To address the issues accompanying current designs, we proposed a password manager and a two-factor authentication scheme built on top of the Device-Enhanced Password Authenticated Key Exchange (DE-PAKE) cryptographic protocol. In this presentation, Dr. Shirvanian introduces the design, implementation and usability evaluation of these schemes, which aim to improve the security and usability of password-only authentication systems against offline dictionary attacks, online guessing attacks, and phishing attacks with the aid of a secondary device/service.