There is growing discomfort about password-based authentication, and passwords are declared « dead » on a regular basis. However, passwords are still the most widely used tool for user authentication on the Internet. In this talk we will have a closer look on the current state of user authentication, and will discuss several variants to strengthen user authentication. One specifically interesting approach is to use additional signals such as source IP, geo-location, or browser configuration. These allow a service to estimate the risk of a malicious login and to take appropriate countermeasures. This requires minimal changes to the user experience, and is used in practice by several services.
Markus Dürmuth is assistant professor and head of the mobile security group at Ruhr University Bochum. Previously, he was a Postdoctoral Researcher at Ruhr University Bochum and a Postdoctoral Scholar at the Theory Group at the Department of Computer Science of Stanford University. He received his PhD from the Saarland University, Germany, where he was in the Information Security and Cryptography Group at the Computer Science Department, and he studied Math and Computer Science at the University of Karlsruhe, Germany.