Distinguished Guest Speaker: Mike Reiter
480 Dreese Labs
2015 Neil Ave, Columbus, Ohio 43210
How to end password reuse on the web
Despite predictions of their demise for decades, passwords remain the most common form of user authentication to computers in use today. Methods to improve their selection have been widely studied, with the curious exception of one critical aspect: users tend to reuse the same or similar passwords across accounts, a fact that is a key enabler for the vast majority of credential abuse on the web today. In this talk, we will propose a framework by which websites could coordinate to make it difficult for users to set similar passwords at these websites. Though the design of such a framework is fraught with risks to users’ security and privacy, we show that these risks can be effectively mitigated through careful scoping of the goals for such a framework and through principled design, drawing on techniques from cryptography, model checking, anonymous communication, and others. We argue that if such a framework were deployed among even relatively few large websites, it would break the culture of password reuse on the web today.
Bio: Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill (UNC). He received the B.S. degree in mathematical sciences from UNC in 1989, and the M.S. and Ph.D. degrees in Computer Science from Cornell University in 1991 and 1993, respectively. He joined AT&T Bell Labs in 1993 and became a founding member of AT&T Labs – Research when NCR and Lucent Technologies (including Bell Labs) were split away from AT&T in 1996. He then returned to Bell Labs in 1998 as Director of Secure Systems Research. In 2001, he joined Carnegie Mellon University as a Professor of Electrical & Computer Engineering and Computer Science, where he was also the founding Technical Director of CyLab. He joined the faculty at UNC in 2007.
Dr. Reiter was named an ACM Fellow in 2008 and an IEEE Fellow in 2014. In 2016, he was awarded the Outstanding Contributions Award from the ACM Special Interest Group on Security, Audit and Control (SIGSAC), for “pioneering research contributions and leadership in computer and information security”.
Host: Z. Lin