When research comes full circle: A missed opportunity and what to learn from it

Abstract

In this reprise of my keynote address at ACM CCS 2023, I will discuss user-authentication practice on the Internet and the development of the research community’s apathy toward it in the 2000s. While we were focusing on replacing passwords (versus improving their use), industry leaders by the late 2010s were decrying password reuse across accounts as the “No. 1 cause of harm on the Internet” and the cause of “99% of compromised accounts”. Eventually the research community woke up to the persistence of passwords, and I will describe a thread of research that has developed over the past decade to address one of the key factors enabling account-harvesting campaigns in practice. In doing so, I will argue that in our own contributions to this research, my collaborators and I largely rediscovered insights that one of my mentors documented over 30 years prior that, had they not been lost to history, might have forestalled the “No. 1 cause of harm on the Internet”. I will conclude with some lessons that researchers can learn from this experience.

Biography

Michael Reiter is a James B. Duke Distinguished Professor in the Departments of Computer Science and Electrical & Computer Engineering at Duke University, which he joined in January 2021 following previous positions in industry (culminating as Director of Secure Systems Research at Bell Labs, Lucent) and academia (Professor of CS and ECE at Carnegie Mellon, and Distinguished Professor of CS at UNC-Chapel Hill). His technical contributions lie primarily in computer security and distributed computing, and include several that have seen widespread adoption. He is a Fellow of the ACM and the IEEE, and a recipient of the ACM SIGSAC Outstanding Contributions Award and multiple Test-of-Time awards.