@incollection{ year={2014}, isbn={978-3-319-12399-8}, booktitle={Security Protocols XXII}, volume={8809}, series={Lecture Notes in Computer Science}, editor={Christianson, Bruce and Malcolm, James and Matyáš, Vashek and Švenda, Petr and Stajano, Frank and Anderson, Jonathan}, doi={10.1007/978-3-319-12400-1_13}, title={Better Authentication: Password Revolution by Evolution}, url={http://dx.doi.org/10.1007/978-3-319-12400-1_13}, publisher={Springer International Publishing}, keywords={Authentication; Public-key cryptography; Passwords; One time token}, author={Thomas, Daniel R. and Beresford, Alastair R.}, pages={130-145}, language={English} abstract = "We explore the extent to which we can address three issues with passwords today: the weakness of user-chosen passwords, reuse of passwords across security domains, and the revocation of credentials. We do so while restricting ourselves to changing the password verification function on the server, introducing the use of existing key-servers, and providing users with a password management tool. Our aim is to improve the security and revocation of authentication actions with devices and end-points, while minimising changes which reduce ease of use and ease of deployment. We achieve this using one time tokens derived using public-key cryptography and propose two protocols for use with and without an online rendezvous point." }