Passwords and the evolution of imperfect authentication

Joseph Bonneau, Cormac Herley, Paul C. Van Oorschot, Frank Stajano

Research output: Contribution to journal, Article, peer-review


Experts share their views on how the theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. Extensive published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals. The focus of published research on clean, well-defined problems has caused the neglect of the complications of real-world Web authentication. This misplaced focus continues to hinder the applicability of password research to practice. Failure to recognize the broad range of usability, deployability, and security challenges in Web authentication has produced several mutually incompatible password requirements for users, and extensive attempts by researchers to find a solution have failed, despite different requirements in different applications.

Original language: English (US)
Pages (from-to): 78-87
Number of pages: 10
Journal: Communications of the ACM
Issue number: 7
State: Published - Jul 1 2015

ASJC Scopus subject areas

  • General Computer Science

