3rd International ICST Conference on Security and Privacy in Communication Networks

Research Article

Simple Authentication for the Web

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550369,
        author={Timothy W. van der Horst and Kent E. Seamons},
        title={Simple Authentication for the Web},
        proceedings={3rd International ICST Conference on Security and Privacy in Communication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2008},
        month={6},
        keywords={Authentication  Costs  Electronic mail  Identity management systems  Internet  Protection  Protocols  Risk management  Security  Surface acoustic waves},
        doi={10.1109/SECCOM.2007.4550369}
    }
    
Timothy W. van der Horst (1, *), Kent E. Seamons (1, *)
  • 1: Internet Security Research Lab, Brigham Young University
*Contact email: timv@cs.byu.edu, seamons@cs.byu.edu

Abstract

Automated email-based password reestablishment (EBPR) is an efficient, cost-effective means to deal with forgotten passwords. In this technique, email providers authenticate users on behalf of web sites. This method works because web sites trust email providers to deliver messages to their intended recipients. Simple Authentication for the Web (SAW) improves upon this basic approach to user authentication to create an alternative to password-based logins. SAW: 1) Removes the setup and management costs of passwords at EBPR-enabled sites; 2) Provides single sign-on without a specialized identity provider; 3) Thwarts passive attacks and raises the bar for active attacks; 4) Enables easy, secure sharing and collaboration without passwords; 5) Provides intuitive delegation and revocation of authority; and 6) Facilitates client-side auditing.