UCAM-CL-TR-817 Technical Report ISSN 1476-2986 Number 817 Computer Laboratory The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano March 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 3 The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes ∗ [FULL LENGTH TECHNICAL REPORT] Joseph Bonneau University of Cambridge Cambridge, UK [email protected] Cormac Herley Microsoft Research Redmond, WA, USA [email protected] Paul C. van Oorschot Carleton University Ottawa, ON, Canada [email protected] Frank Stajanoy University of Cambridge Cambridge, UK [email protected] Abstract—We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals. This report is an extended version of the peer-reviewed paper by the same name. In about twice as many pages it gives full ratings for 35 authentication schemes rather than just 9. Keywords-authentication; computer security; human computer interaction; security and usability; deployability; economics; software engineering. ∗A shorter, peer-reviewed version of this report appeared at the 2012 IEEE Symposium on Security and Privacy [1], which should be cited yFrank Stajano was the lead author who conceived the project and rather than this report wherever appropriate. In addition to the text assembled the team. All authors contributed equally thereafter. common to both versions, this report includes, in Section IV, explicit discussion of the ratings of all the schemes in Table I. 4 CONTENTS I Introduction 5 II Benefits 5 II-A Usability benefits . .6 II-B Deployability benefits . .6 II-C Security benefits . .7 III Evaluating legacy passwords 8 IV Sample evaluation of replacement schemes 9 IV-A Encrypted Password managers . .9 IV-A1 Mozilla Firefox . .9 IV-A2 LastPass . .9 IV-B Proxy-based . 10 IV-B1 URRSA . 10 IV-B2 Impostor . 10 IV-C Federated Single Sign-On . 11 IV-C1 OpenID . 11 IV-C2 Microsoft Passport . 11 IV-C3 Facebook Connect . 12 IV-C4 Mozilla BrowserID . 12 IV-C5 SAW (one-time passwords over email) . 12 IV-D Graphical passwords . 13 IV-D1 Persuasive Cued Clickpoints (PCCP) . 13 IV-D2 PassGo . 14 IV-D3 PassFaces . 14 IV-E Cognitive authentication . 14 IV-E1 GrIDsure . 14 IV-E2 Weinshall . 15 IV-E3 Hopper-Blum . 15 IV-E4 Word association . 16 IV-F Paper tokens . 16 IV-F1 OTPW . 16 IV-F2 S/KEY . 17 IV-F3 PIN + TAN . 17 IV-G Visual crypto tokens . 17 IV-G1 PassWindow . 17 IV-H Hardware tokens . 18 IV-H1 RSA SecurID . 18 IV-H2 YubiKey . 18 IV-H3 IronKey . 19 IV-H4 CAP reader . 19 IV-H5 Pico . 20 IV-H6 Nebuchadnezzar . 20 IV-I Mobile-Phone-based . 21 IV-I1 Phoolproof . 21 IV-I2 Cronto . 21 IV-I3 MP-Auth . 22 IV-I4 OTP over SMS . 22 IV-I5 Google 2-Step . 23 IV-J Biometrics . 23 IV-J1 Fingerprint recognition . 23 IV-J2 Iris recognition . 24 IV-J3 Voice recognition . 24 IV-K Recovery . 24 IV-K1 Traditional personal knowledge questions . 24 IV-K2 Preference-based authentication . 25 IV-K3 Social Re-authentication . 25 V Discussion 26 V-A Rating categories of schemes . 26 V-B Extending the benefits list . 28 V-C Additional nuanced ratings . 28 V-D Weights and finer-grained scoring . 28 V-E Combining schemes . 29 VI Concluding remarks 29 References 30 5 I. INTRODUCTION summary table, we look for clues to help explain why passwords remain so dominant, despite frequent claims of The continued domination of passwords over all other superior alternatives. methods of end-user authentication is a major embarrass- In the past decade our community has recognized a ment to security researchers. As web technology moves tension between security and usability: it is generally easy ahead by leaps and bounds in other areas, passwords to provide more of one by offering less of the other. But stubbornly survive and reproduce with every new web the situation is much more complex than simply a linear site. Extensive discussions of alternative authentication trade-off: we seek to capture the multi-faceted, rather than schemes have produced no definitive answers. one-dimensional, nature of both usability and security in Over forty years of research have demonstrated that our benefits. We further suggest that “deployability”, for passwords are plagued by security problems [2] and lack of a better word, is an important third dimension openly hated by users [3]. We believe that, to make that deserves consideration. We choose to examine all progress, the community must better systematize the three explicitly, complementing earlier comparative sur- knowledge that we have regarding both passwords and veys (e.g., [9]–[11]). their alternatives [4]. However, among other challenges, Our usability-deployability-security (“UDS”) evaluation unbiased evaluation of password replacement schemes is framework and process may be referred to as semi- complicated by the diverse interests of various commu- structured evaluation of user authentication schemes. We nities. In our experience, security experts focus more on take inspiration from inspection methods for evaluating security but less on usability and practical issues related to user interface design, including feature inspections and deployment; biometrics experts focus on analysis of false Nielsen’s heuristic analysis based on usability princi- negatives and naturally-occurring false positives rather ples [12]. than on attacks by an intelligent, adaptive adversary; Each co-author acted as a domain expert, familiar with usability experts tend to be optimistic about security; both the rating framework and a subset of the schemes. and originators of a scheme, whatever their background, For each.