Abstract by James Conners
Passwords for online accounts have been around for a long time, and cause users many difficulties. Numerous alternatives, such as Mozilla Persona, WebAuthn and Loxin, have been proposed, but most alternatives attempt to do too much, instead of focusing on the strengths of passwords, and working to improve its weaknesses.
Let’s Authenticate is an ecosystem that is focused around simple recovery, user privacy, and the automation of issuance and revocation of certificates for use in client authentication. The system contains a certificate authority, a mobile application, and a website plugin. The system allows users to obtain a certificate that will uniquely identify them to each service, while allowing anonymity between colluding websites.
We conducted an online survey that presented participants with short videos, demonstrating how different client authentication schemes function. We presented participants with short cartoon videos, demonstrating the login, registration, and recovery processes. We then asked them for their preferences with regards to each system, and the type of accounts for which they would use each system.