When the Password Doesn't Work: Secondary Authentication for Websites

Robert Reeder and Stuart Schechter

Abstract

Nearly all websites today use passwords as the primary means of authenticating users. Because passwords can be lost or stolen, most websites also provide secondary authentication: a means to allow users unable to provide the correct password to regain access to their accounts. The consequences of failure - either falsely rejecting the account owner or falsely accepting an impostor - are significant. If the secondary authentication mechanism is the user's last resort, a false reject can mean permanent account loss. If the mechanism's vulnerability to false accepts isn't as strong as that of passwords, the secondary authentication mechanism becomes the weakest link and limits the account's security. The authors highlight results of prior work on secondary authentication mechanisms, emphasizing the larger problem of assembling an arsenal of mechanisms that can be customized to fit each user's security and reliability needs.

Details

Publication type: Article
Published in: IEEE Security and Privacy
URL: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.1
Pages: 43-49
Volume: 9
Number: 2
Publisher: IEEE