Convenient Decentralized Authentication using Passwords
ABSTRACT:
Proof of email address ownership is typically required to create an account and to reset a password when it is forgotten. Despite its shortcomings (e.g., latency, vulnerability to passive attack), this approach is a practical solution to the difficult problem of authenticating strangers on the Internet.
This research utilizes this emergent, lightweight relationship with email providers to offload primary user authentication from service providers, thus reducing the need for service provider-specific passwords. Our goal is to provide decentralized authentication that maintains the convenience and portability of passwords, while improving its assurances (especially against phishing). Also, because existing approaches to online decentralized authentication are typically geared toward web-based logins, our new protocols are designed to unify user authentication across the application and network (especially wireless) layers.

