Love 'em or loathe 'em, passwords remain the primary means of authenticating people when logging on to IT systems.
Publishers Taylor & Francis have just released a collection of security journal articles concerning passwords, a mixed bag published in T&F journals over the past decade or so, the whole being a reasonable reflection of the evolving state of the art.
I haven't read all ~40 articles but so far I have enjoyed:
- Ralph Spencer Poore outlining the use of password-based authentication systems and their security-relevant parameters
- Fred Cohen laying into the generally inappropriate, outdated and often counterproductive but widespread and persistent practice of forcing users to change their passwords periodically
- Eban Kaplan discussing image and gesture-based authentication, including some innovative approaches quite different to traditional alphanumeric passwords
- A Da Veiga and JHP Eloff discussing different approaches to information security governance (with barely a mention of passwords)
- A 2005 paper about password vaults (as they are now commonly known) by J Mulligan and J Elbirt.