Joseph Bonneau surveys the past few years of research on human-computer authentication, and passwords in particular, including his own recent PhD work, and offers some perspective from his consulting work trying to fix password deployments. While passwords have been derided for decades, a few interesting trends have driven recent research: the availability of massive data sets to analyze human-chosen passwords, the increasing deployment of mobile phones capable of acting as a second authentication factor, and renewed efforts to deploy client-side certificates. Dr. Bonneau argues that passwords will remain with us for the next decade, but the number of organizations deploying passwords will gradually decrease to only a few tech giants. He expects major implications both for how passwords are deployed and for how identity works on the web.
Additional links: http://www.cl.cam.ac.uk/~jcb82/