Level-1 Exam (Mohammed Jubur)

This is a past event.

Title: On the Security and Usability of Password Managers and Two-Factor Authentication


Passwords are widely used by Internet services to authenticate their users. Unfortunately, passwords suffer from several well-documented security and usability issues. Two of the main techniques to address password problems are: (i) password managers, tools that give a user the option of generating a strong, complex password that is stored and automatically retrieved during login for each Internet service, and (ii) two-factor authentication, a second layer of authentication that requires the use of two authentication factors for login (e.g., a password and a one-time PIN code generated on the second-factor device, typically a phone). Security experts regularly advise day-to-day users to deploy these techniques to improve the security of password-based authentication. A higher-level goal of this survey is to investigate whether password managers and two-factor authentication schemes can indeed help improve security without substantially lowering usability.

The contribution of this survey paper is four-fold. First, we identify the prominent password managers and two-factor authentication schemes from the academic and industry domains. Second, we provide an exposition of the security, privacy, and usability of password managers and two-factor authentication systems. In particular, we argue that the low-effort two-factor authentication schemes do improve the usability of the two-factor login process, but they also introduce fundamental and hidden design vulnerabilities. Third, we evaluate these schemes in terms of security, usability, and privacy, analyze current and emerging research trends, and provide directions for future research. For our evaluation, we extend the Bonneau et al. (IEEE S&P 2012) framework (a standard analytical evaluation framework mainly designed to assess the security and usability of authentication schemes in general) to the specifics and unique challenges associated with password managers and two-factor authentication. Fourth, we evaluate the security and usability of the system that combines the password manager and two-factor authentication, based on the aforementioned evaluation framework. While the focus of this survey is applied in nature, it builds on and spans the foundational elements underlying the usability, security, and privacy of password managers and two-factor authentication, machine learning, human-computer interaction, and cryptographic protocols.

Wednesday, December 4, 2019 at 11:15am to 12:05pm

University Hall, 4002
1402 10th Ave S, Birmingham, Alabama 35294

Event Type

Lectures & Presentations


Research, Science & Technology

Target Audience

Current Students, Faculty & Staff

Department of Computer Science