"I have found Journal of Airport Management to be an incredibly professional and leading-edge journal which finds and addresses the key areas of interest and importance to the aviation industry in general and the airport operator specifically. The themes, cases studies and areas investigated and researched by the journal's writers are of a high quality and professionalism allowing me as an industry participant to continually learn and improve. I strongly support and recommend the journal to anyone within or interested in the aviation industry as an essential tool in assisting you to improve your own knowledge and performance."
Open sesame: Lessons in password-based user authentication
Click the button below to download the full text of the article.
Abstract: The cost of unusable password policies in the wild is well documented. These costs impinge both business and security. The alternative is to move to multi-factor and risk-based authentication, which include software authenticators, hardware tokens, and biometrics. This paper provides an overview of the research in this area and concludes with guidance on how to best leverage password-based authentication. We recommend that designers should only implement efforts backed by empirical evidence, offer solutions to reduce user effort, and use compensating controls to address the underlying limitations of passwords.
Keywords: passwords; biometrics; 2FA; MFA; authentication
Bahman Rashidi is a Senior Cyber Security Researcher and System Architect at Comcast Cable. At Comcast, his responsibilities focus on conducting cyber security research and development in the areas of network security, Internet of Things (IoT) devices, applications of machine learning (ML) in cyber security, privacy and data protection and quantum computing/key distribution. He designs and builds strategic cyber security technologies and tools on the bleeding edge, including building networks, led teams, architected security infrastructure and security solutions.
Vaibhav Garg is the Senior Director of Cybersecurity Research & Public Policy at Comcast Cable. He has a PhD in security informatics from Indiana University and a Master’s in information security from Purdue University. His research lies at the intersection of information security, technology policy and economics. He is the co-author of over 20 peer-reviewed publications and received the best paper award for his paper on the economics of cybercrime at eCrime 2011. He also received ACM Computer and Society’s Outstanding Service award in 2015 for his contributions as editor-in-chief of ACM Computers and Society Newsletter.