Password-based security       

links

 Jan Camenisch photoAnja Lehmann photoGregory Neven photo

Password-based security - overview


The dramatic increase in headline-grabbing cyberattacks over the past years has made it alarmingly clear that traditional security solutions no longer suffice to protect user data in general and passwords in particular.

It is often claimed that passwords are broken and we should stop using them altogether. We are convinced that this is not true. In our view, passwords are just used incorrectly.

If appropriate cryptographic techniques are applied, passwords are a secure and usable means of authentication.

Therefore, we have developed various cryptographic protocols to restore the security of passwords. One such protocol enables distributed password verification, which makes it significantly more difficult for criminals to steal password databases.

Another protocol uses virtual smartcards, which allow users to authenticate themselves online with virtually the same security guarantees as hardware security tokens, but without all the associated practical inconveniences.