Experts share their views on how the theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. Extensive published research has focused on specific aspects of the problem that can be easily formalized but do not actually have a major influence on real-world design goals. This focus on clean, well-defined problems has caused the complications of real-world Web authentication to be neglected, and it continues to hinder the applicability of password research to practice. Failure to recognize the broad range of usability, deployability, and security challenges in Web authentication has produced several mutually incompatible password requirements for users, and extensive attempts by researchers to find a solution have failed, despite different requirements in different applications.

Additional Metadata
Persistent URL: dx.doi.org/10.1145/2699390
Journal: Communications of the ACM
Citation: Bonneau, J. (Joseph), Herley, C. (Cormac), Van Oorschot, P., & Stajano, F. (Frank). (2015). Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), 78–87. doi:10.1145/2699390