sources.bib
% ------- STANDARDS AND SPECIFICATIONS -------
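% W3C Web Authentication (WebAuthn) specification, cited as of March 2019.
% NOTE(review): the undated /TR/webauthn/ address follows the latest published
% level of the specification; if the March 2019 text is the one being cited,
% pin the dated version of the document instead.
% The empty author field was dropped; W3C is recorded as publisher only.
@online{webauthn_standard,
  title     = {Web Authentication: An {API} for accessing Public Key Credentials},
  publisher = {W3C},
  year      = {2019},
  month     = {03},
  url       = {https://www.w3.org/TR/webauthn/},
  urldate   = {2020-04-01},
}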
% FIDO Alliance overview page for FIDO2 (WebAuthn and CTAP); no author or
% publication date is recorded, only the access date.
@online{fido2_overview,
  title     = {FIDO2: WebAuthn \& CTAP},
  publisher = {FIDO Alliance},
  url       = {https://fidoalliance.org/fido2/},
  urldate   = {2020-04-01},
}
% FIDO Alliance page on the WebAuthn part of FIDO2; no author or publication
% date is recorded, only the access date.
@online{fido2_webauthn,
  title     = {FIDO2: Web Authentication (WebAuthn)},
  publisher = {FIDO Alliance},
  url       = {https://fidoalliance.org/fido2/fido2-web-authentication-webauthn/},
  urldate   = {2020-04-07},
}
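% FIDO Alliance Client to Authenticator Protocol (CTAP), dated January 2019.
% Author names are given in the unambiguous "Last, First" form.
% NOTE(review): url is identical to the one in fido2_webauthn and points at the
% WebAuthn overview page rather than a CTAP document; confirm and replace it
% with the address of the CTAP specification that was actually consulted.
@manual{fido2_ctap,
  author    = {Brand, Christiaan and Czeskis, Alexei and Ehrensvärd, Jakob and Jones, Michael B. and Kumar, Akshay and Lindemann, Rolf and Powers, Adam and Verrept, Johan},
  title     = {Client to Authenticator Protocol ({CTAP})},
  publisher = {FIDO Alliance},
  year      = {2019},
  month     = {01},
  url       = {https://fidoalliance.org/fido2/fido2-web-authentication-webauthn/},
  urldate   = {2020-04-07},
}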
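% MDN reference page for the Web Authentication API. The url addresses the
% German-locale (/de/) copy of the page.
% Publisher capitalisation fixed ("network" -> "Network").
@online{mdn_webauthn,
  title     = {Web Authentication API},
  publisher = {Mozilla Developer Network},
  url       = {https://developer.mozilla.org/de/docs/Web/API/Web_Authentication_API},
  urldate   = {2020-04-15},
}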
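% NIST Special Publication 800-63-3, Digital Identity Guidelines.
% Recorded as a technical report: the original used the article type with the
% report series in the journal field, which styles would typeset as a journal.
@techreport{nist,
  author      = {Grassi, Paul A. and Garcia, Michael E. and Fenton, James L.},
  title       = {Digital Identity Guidelines},
  type        = {{NIST} Special Publication},
  institution = {National Institute of Standards and Technology},
  number      = {800-63-3},
  year        = {2017},
}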
% ------- FIDO2 -------
% Troy Hunt blog post (November 2018) on 2FA, U2F and Google Advanced
% Protection.
@online{hunt2018b,
  author    = {Troy Hunt},
  title     = {Beyond Passwords: 2FA, U2F and Google Advanced Protection},
  publisher = {Troy Hunt},
  year      = {2018},
  month     = {11},
  url       = {https://www.troyhunt.com/beyond-passwords-2fa-u2f-and-google-advanced-protection/},
  urldate   = {2020-03-25},
}
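% Post on Fefes Blog (October 2019). The author is written in "von Last, First"
% form so the particle is parsed independently of letter case.
% NOTE(review): title is empty; an online entry is expected to carry one, so
% add a short descriptive title for the post.
@online{leitner2019,
  author    = {von Leitner, Felix},
  title     = {},
  publisher = {Fefes Blog},
  year      = {2019},
  month     = {10},
  url       = {https://blog.fefe.de/?ts=a3695c14},
  urldate   = {2020-04-20},
}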
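% Comparative usability study of FIDO2 passwordless authentication, IEEE S&P
% 2020. Fixes the "Secruity" misspelling in booktitle and brace-protects
% acronyms so case-changing styles keep them intact. No page range is recorded.
@inproceedings{lyastani2020,
  author    = {Lyastani, Sanam Ghorbani and Schilling, Michael and Neumayr, Michaela and Backes, Michael and Bugiel, Sven},
  title     = {Is {FIDO2} the Kingslayer of User Authentication? A Comparative Usability Study of {FIDO2} Passwordless Authentication},
  booktitle = {41st {IEEE} Symposium on Security and Privacy ({IEEE} S\&P)},
  publisher = {Oakland Association},
  year      = {2020},
}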
% Yubico blog post (August 2018) answering common questions on FIDO2 and
% WebAuthn.
% NOTE(review): the key reads "chonng" while the author field reads "Chong";
% the key is left unchanged because renaming it would break any existing
% citation of it.
@online{chonng2018,
  author    = {Jerrod Chong},
  title     = {10 Things You’ve Been Wondering About FIDO2, WebAuthn, and a Passwordless World},
  publisher = {Yubico Blog},
  year      = {2018},
  month     = {08},
  url       = {https://www.yubico.com/blog/10-things-youve-been-wondering-about-fido2-webauthn-and-a-passwordless-world/},
  urldate   = {2020-04-20},
}
% Microsoft security blog post (May 2018) on moving away from passwords.
@online{mehta2018,
  author    = {Yogesh Mehta},
  title     = {Building a world without passwords},
  publisher = {Microsoft Security Team},
  year      = {2018},
  month     = {05},
  url       = {https://www.microsoft.com/security/blog/2018/05/01/building-a-world-without-passwords/},
  urldate   = {2020-03-25},
}
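% Article in Biometric Technology Today (2018) on FIDO2 and biometrics.
% The page range now uses the double hyphen BibTeX expects for ranges, and
% FIDO2 is brace-protected against case-changing styles. No volume or issue
% is recorded.
@article{dunkelberger2018,
  author  = {Dunkelberger, Phil},
  title   = {{FIDO2} puts biometrics at heart of web security},
  journal = {Biometric Technology Today},
  year    = {2018},
  pages   = {8--10},
}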
% FIDO Alliance guidance (February 2019) on account recovery for relying
% parties.
@online{gomi2019,
  author    = {Hidehito Gomi and Bill Leddy and Dean H. Saxe},
  title     = {Recommended Account Recovery Practices for FIDO Relying Parties},
  publisher = {FIDO Alliance},
  year      = {2019},
  month     = {02},
  url       = {https://fidoalliance.org/recommended-account-recovery-practices/},
  urldate   = {2020-05-14},
}
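% Yubico product page for the YubiKey 5 NFC (dated February 2019).
% The empty author field was dropped; Yubico AB is recorded as publisher only.
@online{yubikey_5_nfc,
  title     = {YubiKey 5 NFC},
  publisher = {Yubico AB},
  year      = {2019},
  month     = {02},
  url       = {https://www.yubico.com/product/yubikey-5-nfc},
  urldate   = {2020-05-14},
}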
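% Paper on security keys as cryptographic second factors, in Financial
% Cryptography and Data Security (2017).
% The page range now uses the double hyphen BibTeX expects for ranges.
@inproceedings{lang2017,
  author    = {Lang, Juan and Czeskis, Alexei and Balfanz, Dirk and Schilder, Marius and Srinivas, Sampath},
  title     = {Security Keys: Practical Cryptographic Second Factors for the Modern Web},
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer Berlin Heidelberg},
  year      = {2017},
  pages     = {422--440},
}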
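% Qualitative usability study of the Yubico security key (STAST workshop,
% 2018). The page range uses a double hyphen and the vendor name is
% brace-protected so case-changing styles do not lowercase it.
@inproceedings{das2018,
  author    = {Das, Sanchari and Russo, Gianpaolo and Dingman, Andrew C. and Dev, Jayati and Kenny, Olivia and Camp, L. Jean},
  title     = {A qualitative study on usability and acceptability of {Yubico} security key},
  booktitle = {Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust},
  publisher = {Association for Computing Machinery},
  year      = {2018},
  pages     = {28--39},
}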
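% FIDO Alliance page on the history of the alliance. The empty month and year
% fields were dropped; no publication date is recorded, so urldate is the only
% date this entry carries.
@online{fido_history,
  author    = {{FIDO Alliance}},
  title     = {History of {FIDO} Alliance},
  publisher = {FIDO Alliance},
  url       = {https://fidoalliance.org/overview/history/},
  urldate   = {2020-05-26},
}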
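% OWASP Top Ten 2017, category A2 (Broken Authentication).
% The empty month field was dropped; only the year is recorded.
@online{owasp_auth,
  author    = {{OWASP}},
  title     = {A2:2017-Broken Authentication},
  publisher = {OWASP},
  year      = {2017},
  url       = {https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A2-Broken_Authentication},
  urldate   = {2020-05-26},
}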
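% Systematic mapping study of detection approaches for web application
% security vulnerabilities (SNPD 2015).
% Names are rewritten in "Last, Initial" form without the export-style braces
% around each surname, the entry type is lowercased like the rest of the file,
% and the page range uses a double hyphen.
@inproceedings{rafique2015,
  author    = {Rafique, S. and Humayun, M. and Hamid, B. and Abbas, A. and Akhtar, M. and Iqbal, K.},
  title     = {Web application security vulnerabilities detection approaches: A systematic mapping study},
  booktitle = {2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)},
  year      = {2015},
  pages     = {1--6},
}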
% ------- PASSWORDS -------
% Troy Hunt blog post (March 2011) arguing for passwords that cannot be
% remembered.
@online{hunt2011,
  author    = {Troy Hunt},
  title     = {The only secure password is the one you can’t remember},
  publisher = {Troy Hunt},
  year      = {2011},
  month     = {03},
  url       = {https://www.troyhunt.com/only-secure-password-is-one-you-cant/},
  urldate   = {2020-04-28},
}
% Troy Hunt blog post (July 2017) on password strength indicators.
@online{hunt2017,
  author    = {Troy Hunt},
  title     = {Password Strength Indicators Help People Make Ill-Informed Choices},
  publisher = {Troy Hunt},
  year      = {2017},
  month     = {07},
  url       = {https://www.troyhunt.com/password-strength-indicators-help-people-make-dumb-choices/},
  urldate   = {2020-04-29},
}
% Troy Hunt blog post (May 2018) with statistics on password quality.
% The percent sign in the title stays escaped for LaTeX.
@online{hunt2018c,
  author    = {Troy Hunt},
  title     = {86\% of Passwords are Terrible (and Other Statistics)},
  publisher = {Troy Hunt},
  year      = {2018},
  month     = {05},
  url       = {https://www.troyhunt.com/86-of-passwords-are-terrible-and-other-statistics/},
  urldate   = {2020-04-29},
}
% Troy Hunt blog post (November 2018) on why proposed password replacements
% have not displaced passwords.
@online{hunt2018a,
  author    = {Troy Hunt},
  title     = {Here's Why [Insert Thing Here] Is Not a Password Killer},
  publisher = {Troy Hunt},
  year      = {2018},
  month     = {11},
  url       = {https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/},
  urldate   = {2020-03-25},
}
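% Study of how password managers affect password strength and reuse, USENIX
% Security 2018.
% Recorded as a conference paper: the original used the article type with the
% symposium in the journal field. The former number = 27 is read here as the
% ordinal of the symposium -- confirm against the proceedings. The page range
% uses a double hyphen.
@inproceedings{lyastani2018,
  author    = {Lyastani, Sanam Ghorbani and Schilling, Michael and Fahl, Sascha and Backes, Michael and Bugiel, Sven},
  title     = {Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse},
  booktitle = {27th {USENIX} Security Symposium},
  year      = {2018},
  pages     = {203--220},
}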
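% Statistics on password reuse and adaptive strength for financial accounts
% (SCN 2014). The page range now uses a double hyphen.
% NOTE(review): the venue is a conference and number = 8642 looks like a
% proceedings series volume rather than a journal issue; confirm, and consider
% the inproceedings type with series and volume fields.
@article{bailey2014,
  author  = {Bailey, Daniel V. and Dürmuth, Markus and Paar, Christof},
  title   = {Statistics on Password Re-use and Adaptive Strength for Financial Accounts},
  journal = {Security and Cryptography for Networks (SCN)},
  year    = {2014},
  number  = {8642},
  pages   = {218--235},
}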
% Hasso-Plattner-Institut search page (path /ilc/search on sec.hpi.de); no
% author or publication date is recorded, only the access date.
@online{hpi,
  title     = {Is someone spying on you?},
  publisher = {Hasso-Plattner-Institut},
  url       = {https://sec.hpi.de/ilc/search},
  urldate   = {2020-04-15},
}
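% Have I Been Pwned, the breach lookup site run by Troy Hunt.
% The two hyphens in the title are wrapped in braces so that LaTeX does not
% join them into an en dash; the title is meant to show two literal hyphens.
% NOTE(review): ligature suppression is engine-dependent -- check the rendered
% bibliography.
@online{hibp,
  author    = {Hunt, Troy},
  title     = {';{-}{-}have i been pwned?},
  publisher = {{Have I Been Pwned}},
  url       = {https://haveibeenpwned.com/},
  urldate   = {2020-04-15},
}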
% ------- IN THE NEWS -------
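% CNET news article (February 2019) on Google moving Android devices away
% from passwords. Publisher name capitalised as the outlet writes it.
@online{ng2019,
  author    = {Ng, Alfred},
  title     = {Google looks to leave passwords behind for a billion {Android} devices},
  publisher = {CNET},
  year      = {2019},
  month     = {02},
  url       = {https://www.cnet.com/news/google-looks-to-leave-passwords-behind-for-a-billion-android-devices/},
  urldate   = {2020-04-01},
}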
% Computerworld piece (March 2020) on the FIDO Alliance and the future of
% passwords.
@online{mingis2020,
  author    = {Ken Mingis and Juliet Beauchamp and Lucas Mearian},
  title     = {FIDO Alliance and the future of passwords},
  publisher = {Computerworld},
  year      = {2020},
  month     = {03},
  url       = {https://www.computerworld.com/article/3530435/fido-alliance-and-the-future-of-passwords.html},
  urldate   = {2020-04-01},
}
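% Ars Technica article (March 2019) on Facebook apps logging user passwords in
% plaintext. Publisher spelling fixed ("arsTechnica" -> "Ars Technica").
@online{gallagher2019,
  author    = {Gallagher, Sean},
  title     = {Facebook apps logged users’ passwords in plaintext, because why not},
  publisher = {Ars Technica},
  year      = {2019},
  month     = {03},
  url       = {https://arstechnica.com/information-technology/2019/03/facebook-developers-wrote-apps-that-stored-users-passwords-in-plaintext/},
  urldate   = {2020-05-25},
}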
% ZDNet article (February 2020) on Apple joining the FIDO Alliance.
@online{nichols2020,
  author    = {Steven Vaughan-Nichols},
  title     = {Apple joins FIDO Alliance, commits to getting rid of passwords},
  publisher = {ZDNet},
  year      = {2020},
  month     = {02},
  url       = {https://www.zdnet.com/article/apple-joins-fido-alliance-commits-to-getting-rid-of-passwords/},
  urldate   = {2020-05-23},
}
% ------- FOUNDATIONS -------
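% Framework for comparing web authentication schemes against passwords, IEEE
% Symposium on Security and Privacy 2012.
% Recorded as a conference paper: the original used the article type with the
% symposium in the journal field. The trailing full stop was removed from the
% title (styles add their own punctuation) and the page range uses a double
% hyphen.
@inproceedings{bonneau2012,
  author    = {Bonneau, Joseph and Herley, Cormac and van Oorschot, Paul and Stajano, Frank},
  title     = {The quest to replace passwords: a framework for comparative evaluation of web authentication schemes},
  booktitle = {{IEEE} Symposium on Security and Privacy},
  year      = {2012},
  pages     = {553--567},
}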
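% Cryptomathic blog post (August 2016) introducing digital authentication.
% Publisher spelling normalised from "CRYPTOMAThIC", which carried a stray
% lowercase letter.
@online{turner2016,
  author    = {Turner, Dawn M.},
  title     = {Digital Authentication - the basics},
  publisher = {Cryptomathic},
  year      = {2016},
  month     = {08},
  url       = {https://www.cryptomathic.com/news-events/blog/digital-authentication-the-basics},
  urldate   = {2020-05-23},
}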
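% Paper on identity management with secure authentication and attribute
% release, Deutscher IT-Sicherheitskongress.
% year corrected from 2051 to 2015: the original value lies in the future and
% disagrees with the citation key -- confirm against the proceedings.
% The empty number and pages fields were dropped; add the page range once
% known.
@article{platt2015,
  author  = {Platt, Moritz},
  title   = {Identitätsmanagement mit sicherer Authentifizierung und Attributweitergabe},
  journal = {Deutscher IT-Sicherheitskongress},
  year    = {2015},
  volume  = {14},
}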
% Statista chart (November 2017), attributed to Duo Security, on the share of
% US internet users using two-factor authentication in 2013 and 2017.
@online{statista_2fa,
  author    = {{Duo Security}},
  title     = {Share of internet users in the United States who use two-factor authentication in 2013 and 2017},
  publisher = {Statista},
  year      = {2017},
  month     = {11},
  url       = {https://www.statista.com/statistics/789473/us-use-of-two-factor-authentication/},
  urldate   = {2020-05-23},
}
% Jakob Nielsen, Usability Engineering (Academic Press, London, 1993).
@book{nielsen1993,
  author    = {Jakob Nielsen},
  title     = {Usability Engineering},
  publisher = {Academic Press},
  address   = {London},
  year      = {1993},
}
% Nielsen J (1993) Usability engineering, 2008th ed. Kaufmann, San Diego
% ------- OTHER -------
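% Community-sample survey of anxiety about internet hacking, Computers in
% Human Behavior (2016). The page range now uses a double hyphen.
% NOTE(review): 54 is stored in number with no volume given; confirm whether it
% is the volume and move it to the volume field if so.
@article{elhai2016,
  author  = {Elhai, Jon D. and Hall, Brian J.},
  title   = {Anxiety about internet hacking: Results from a community sample},
  journal = {Computers in Human Behavior},
  year    = {2016},
  number  = {54},
  pages   = {180--185},
}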
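% Study of individual differences in password sharing behaviour (2015).
% Fixes the doubled "and and" in the author list, which makes BibTeX see an
% empty name between the third and fourth authors. The journal name is stored
% in title case rather than all capitals, and the page range uses a double
% hyphen.
@article{whitty2015,
  author  = {Whitty, Monica and Doodson, James and Creese, Sadie and Hodges, Duncan},
  title   = {Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords},
  journal = {Cyberpsychology, Behavior, and Social Networking},
  year    = {2015},
  volume  = {18},
  number  = {1},
  pages   = {3--7},
}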
% Statista survey dossier on cybersecurity and cloud (October 2018), served
% from the German Statista site.
@online{statista_dossier2018,
  author    = {Léonie Brandt},
  title     = {Statista Befragung Cybersecurity und Cloud 2018},
  publisher = {Statista},
  year      = {2018},
  month     = {10},
  url       = {https://de.statista.com/statistik/studie/id/58204/dokument/cybersecurity-und-cloud/},
  urldate   = {2020-05-09},
}
% Wired article (January 2012) on the first computer password.
@online{mcmillan2012,
  author    = {Robert McMillan},
  title     = {The World's First Computer Password? It Was Useless Too},
  publisher = {Wired},
  year      = {2012},
  month     = {01},
  url       = {https://www.wired.com/2012/01/computer-password/},
  urldate   = {2020-05-17},
}
% BBC news report (May 2020) on the EasyJet breach affecting nine million
% customers.
@online{wakefield2020,
  author    = {Jane Wakefield},
  title     = {EasyJet admits data of nine million hacked},
  publisher = {BBC},
  year      = {2020},
  month     = {05},
  url       = {https://www.bbc.com/news/technology-52722626},
  urldate   = {2020-05-30},
}