Users are asked to generate, memorize, and keep secret a growing number of passwords as they join new password-protected sites over time. Since at least 1997 [6], this trend has been recognized as both a nuisance and a security risk.
https://web.archive.org/web/20061010161657/https://www.cs.princeton.edu/~jhalderm/papers/www2005.pdf
First, they require technical changes on the part of every site that uses them for authentication, something even Microsoft has lacked the clout to achieve on a widespread scale.
so basically i found my new favorite person about an hour ago
Second, users have been cautious about placing so much trust and privacy-sensitive information under the control of a centralized system.
Many users (including those who should know better) fail to take adequate steps to protect their passwords. Often the cause is not a failure to understand that strong passwords are important, but rather frustration with the difficulty of doing the right thing. In our study we attempted to make strong password management more convenient. Whereas previous schemes were lacking in either transportability for mobile users or security against brute force attacks, our design achieves a balance of the two by using password strengthening techniques. Our implementation, Password Multiplier, is available on the web. We encourage novices and experts alike to try it.
One of Necula’s breakthrough achievements in formulating the notion of proof-carrying code was to axiomatize the system very concretely and at a very low level – that of individual machine instructions and memory locations. But we will argue that his specification is actually too abstract!
pissed off that this guy got an nsf young investigator award even if he's literally the most deserving ever cause that should be me