Secure Tokens

This is an overview of an analysis of the most popular web authentication schemes. It is largely based on a paper presented at the IEEE Symposium on Security and Privacy 2012, entitled:

"The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes"

Here at HS, we aim to improve this analysis by creating new protocols, integrating existing ones, and adding new analysis points to the parameters:


Usability

  • Memorywise Effortless
  • Scalable for Users
  • Nothing to Carry
  • Physically Effortless
  • Easy to Learn
  • Efficient to Use
  • Infrequent Errors
  • Easy Recovery from Loss

Deployability

  • Accessible
  • Negligible Cost per User
  • Server Compatible
  • Browser Compatible
  • Mature
  • Non Proprietary

Security

  • Resilient to Physical Observation
  • Resilient to Targeted Impersonation
  • Resilient to Throttled Guessing
  • Resilient to Unthrottled Guessing
  • Resilient to Internal Observation
  • Resilient to Leaks from Other Verifiers
  • Resilient to Phishing
  • Resilient to Theft
  • No Trusted Third Party
  • Requiring Explicit Consent
  • Unlinkable