Password articles

Love em or loathe em, passwords remain the primary means of authenticating people when logging-on to IT systems.

Publishers Taylor & Francis have just released a collection of security journal articles concerning passwords, a mixed bag published in T&F journals over the past decade or so, the whole being a reasonable reflection of the evolving state of the art.

I haven't read all ~40 articles but so far I have enjoyed:

• Ralph Spencer Poore outlining the use of password-based authentication systems and their security-relevant parameters
• Fred Cohen laying into the generally inappropriate, outdated and often counterproductive but widespread and persistent practice of forcing users to change their passwords periodically
• Eban Kaplan discussing image and gesture-based authentication, including some innovative approaches quite different to traditional alphanumeric passwords
• A Da Veiga and JHP Eloff discussing different approaches to information security governance (with barely a mention of passwords)
• A 2005 paper about password vaults (as they are now commonly known) by J Mulligan and J Elbirt.