Michael Reiter, James B. Duke Distinguished Professor, Departments of Computer Science and Electrical & Computer Engineering, Duke University
Monday, March 20, 2023, 12:00 - 13:00
Building 9, Level 2, Room 2325 Hall 2.
Despite long-ago predictions (e.g., see Bill Gates, 2004) that other user-authentication technologies would replace passwords, passwords not only remain pervasive but have flourished as the dominant form of account protection, especially at websites such as retailers that require a low-friction user experience. This talk will describe our research on methods to tackle three key ingredients of account takeovers for password-protected accounts today: (i) site database breaches, which are the largest source of stolen passwords for internet sites; (ii) the tendency of users to reuse the same or similar passwords across sites; and (iii) credential stuffing, in which attackers submit breached credentials for one site in login attempts for the same users' accounts at another.