In this reprise of my keynote address at ACM CCS 2023, I will discuss user-authentication practice on the Internet and the development of the research community’s apathy toward it in the 2000s. While we were focusing on replacing passwords (versus improving their use), industry leaders by the late 2010s were decrying password reuse across accounts as the “No. 1 cause of harm on the Internet” and the cause of “99% of compromised accounts”.
Software security is a growing concern, leading to the increasing adoption of a secure-by-design approach to software development. In such an approach, software systems are designed from the ground up to be resilient against attacks. Despite the growing efforts to address security concerns early in software development, mistakes can still be made that lead to vulnerabilities (“software weaknesses”).