Passwords: If we're so smart, why are we still using them?

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5628 LNCS, Issue , 2009, Pages 230-237

  Herley, Cormac ^a   Van Oorschot, P C ^b   Patrick, Andrew S ^c  

^a MICROSOFT RESEARCH   (United States)

^b CARLETON UNIVERSITY   (Canada)

^c NATIONAL RESEARCH COUNCIL CANADA   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

ALPHANUMERIC PASSWORDS; DATA SECURITY; INTERNET SECURITY; PANEL DISCUSSIONS;

CRYPTOGRAPHY; INTERNET;

SECURITY OF DATA;

EID: 70350355105     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-03549-4_14     Document Type: Conference Paper

References (20)

1. Anderson, R., Bohme, R., Clayton, R., Moore, T.: Security Economics and the Internal Market. ENISA (European Network and Information Security Agency). Shortened version: Security Economics and European Policy (March 2008)
2. Bank of America - Online Banking. SiteKey at Bank of America, http://www.bankofamerica.com/privacy/sitekey/
3. Bank of America. SafePass: Online Banking Security Enhancements, http://www.bankofamerica.com/privacy/index.cfm?template=learn-about-safepass
4. CA/Browser Forum, http://www.cabforum.org/
5. Chiasson, S.: Usable Authentication and Click-Based Graphical Passwords. PhD thesis, Carleton University, Ottawa, Canada (January 2009)
6. Drimer, S., Murdoch, S.J., Anderson, R.: Thinking Inside the Box: System-level Failures of Tamper Proofing. In: Proc. 2008 IEEE Symposium on Security and Privacy (2008)
7. Drimer, S., Murdoch, S.J., Anderson, R.: Optimised To Fail: Card Readers for Online Banking. In: Financial Cryptography and Data Security (2009)
8. Florêncio, D., Herley, C.: A Large-scale Study of Web Password Habits. In: Proc. of World Wide Web Conference (2007)
9. Florêncio, D., Herley, C., Coskun, B.: Do Strong Web Passwords Accomplish Anything? In: Proc. of Usenix HotSec (2007)
10. Hansell, S.: What's the Password? Only Your iPhone Knows. Bits Blog (Business, Innovation, Technology, Society), The New York Times, March 31 (2009)
11. Herley, C., Florêncio, D.: A Profitless Endeavor: Phishing as Tragedy of the Commons. In: New Security Paradigms Workshop (NSPW) (2008)
12. Jackson, C., Simon, D.R., Tan, D.S., Barth, A.: An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 281-293. Springer, Heidelberg (2007)
13. Jakobsson, M., Myers, S. (eds.): Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. John Wiley and Sons, Chichester (2007)
14. Mannan, M., van Oorschot, P.C.: Security and Usability: The Gap in Real-World Online Banking. In: New Security Paradigms Workshop 2007 (NSPW) (2007)
15. van Oorschot, P.C., Wan, T.: TwoStep: An Authentication Method Combining Text and Graphical Passwords. In: 4th MCETECH Conference on eTechnologies. LNBIP, vol. 26, pp. 233-239. Springer, Heidelberg (2009)
16. Patrick, A.S.: Commentary on research on new security indicators (2007), http://www.andrewpatrick.ca/essays/commentary-on-new-security-indicators/ (retrieved March 3, 2009)
17. Rabkin, A.: Personal Knowledge Questions for Fallback Authentication. In: SOUPS (2008)
18. Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The Emperor's New Security Indicators. In: Proc. 2007 IEEE Symposium on Security and Privacy (2007)
19. Shamir, A.: SecureClick: A Web Payment System with Disposable Credit Card Numbers. In: Financial Cryptography (2001)
20. Sobey, J., Biddle, R., van Oorschot, P.C., Patrick, A.S.: Exporing User Reactions to Browser Cues for Extended Valiation Certificates. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 411-427. Springer, Heidelberg (2008)