“We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.”
February 5, 2015 Report From the International Association of Information Technology Asset Managers – “U.S. taxpayers have paid $59 billion for data protection since Fiscal Year 2010, including $10.3 billion in the most recent year under the Federal Information Security Management Act (FISMA). This week, the Obama Administration proposed a $14 billion cybersecurity budget for…
Information science. Going, going, gone: lost Internet references. Dellavalle RP, Hester EJ, Heilig LF, Drake AL, Kuntzman JW, Graber M, Schilling LM, Science (subscription only), October 31, 2003, 302: 787-788. “The use of Internet references in academic literature is common, and Internet references are frequently inaccessible. The extent of Internet referencing and Internet reference activity…
Bret A. Fausett, Partner, Los Angeles Hancock, Rothert & Bunshoft, has published an article on deep linking in New Architect Magazine. A posting on the Tech Law Advisor blog by Kevin J. Heller, Esq. expands on Bret’s views.
The use of crawlers (automated index tools) to mine data from web sites to create market comparison shopping services for subscribers is the focus of this Wall Street Journal article, Are Bots Legal?. An example of such a service is Bargain.com, whose home page proclaims, “Never Pay Retail Again!.” Users may search through categories…