Abstract by James Conners
Let's Authenticate: Authentication using certificates as an alternative to passwords
Passwords for online accounts have been around for a long time and cause users many difficulties. Numerous alternatives have been proposed, but none offers the mix of strong security, ease of deployment, and ease of use needed to overcome the advantages of a system using passwords.
Our research will seek to create a system that will serve as a suitable alternative to passwords, using client certificates. We will create Let’s Auth, an automated service that will assist the user in obtaining certificates, along with supporting software to help users manage and use certificates.
Account recovery and certificate management are some of the major issues faced by the Let’s Auth service. By using a user’s email as a challenge type, we will allow recovery of the account if the original device with the corresponding private key is lost or replaced. We plan to build and test how well the Let’s Auth system meets user needs over the course of a month-long study.