Ideas and solutions for day-to-day security
| 1 | Steve Vaillancourt | 2021 | Solving the Problem of Password-Based User Authentication |
This report documents the demonstration of an authenticator application that uses public key encryption to secure access to web applications. Passwords are replaced with digital signatures to initiate authenticated sessions. The authenticator generates and manages private/public key pairs for the user, and only the public keys need to be shared with the web server. The authentication scheme uses a custom authentication protocol to partially automate the process and reduce user effort. A new idea is to use the browser's drag-and-drop functionality for entering authentication data. A complete risk analysis based on the MITRE ATT&CK knowledge base is included in the report.