The username-password pair is still a prevalent form of online authentication. However, attacks that leverage weak password habits are on the rise. The main response of the security community on the ground is to invest more in educating users. Such an approach suggests that the long-held assumption that an ignorant user is the cause of inadequate password behavior still has many proponents. Although different research studies have presented other, more likely reasons, practice still perpetuates the same solution mindset of increasing end users' education. The behavior of users has not improved dramatically over the last decade despite all these efforts. Therefore, this research work explores the hypothesis that knowledge of good password habits is a necessary but not by itself a sufficient requirement for safe password behavior. This is achieved by studying the password habits of the same people advocating for more end user education. To investigate this hypothesis, we conducted a survey targeting an audience of IT professionals with good knowledge of security. The survey results show that cognitive knowledge of password security does not always materialize into practical and secure password practices. The anticipated outcome is that confronting IT professionals with their own password practices, which fail to adhere to what they preach to end users, will motivate them to let go of their long-held assumption that more education is the solution. This further supports the points made by other studies explaining the rationale behind the inadequate password habits of end users.

Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
Consuming services online is an exponentially growing trend across different industries. A robust online authentication solution for these services is a critical requirement for establishing trust between end users and service providers. Currently, the shortcomings of password-based authentication solutions are well recognized. Hence, many alternative strong authentication solutions are being adopted. However, the latter create a siloed model in which each service provider dictates a different method (OTP, SMS...) to end users. To resolve these challenges, considerable efforts are being deployed by both academia and industry. However, assessing these efforts is not a trivial task. This paper provides a framework of a well-motivated set of attributes for categorizing and assessing online authentication solutions. Based on this framework, two main approaches to online authentication are identified and exemplified: LUCIDMAN and FIDO. The results of this research are anticipated to make navigating the space of online authentication solutions more systematic and to facilitate knowledge transfer between all stakeholders.