Authentication at Scale
Venue
IEEE Security and Privacy, vol. 11 (2013), pp. 15-22
Publication Year
2013
Authors
Eric Grosse, Mayank Upadhyay
BibTeX
Abstract
In working to keep cloud computing users' data safe, we observe many
threats---malware on the client, attacks on ssl, vulnerabilities in web
applications, rogue insiders, espionage---but authentication related issues stand
out amongst the biggest. When trying to help hundreds of millions of people from an
unbelievable variety of endpoints, attitudes, and skill levels, what can possibly
displace plain old passwords? No single thing, nothing overnight, and nothing
perfect. A combination of risk-based checks, second-factor options,
privacy-enhanced client certificates, and different forms of delegation is starting
to find adoption towards making a discernible difference.
