Editing Authenticator (section)

==Comparison==

It is convenient to use passwords as a basis for comparison since it is widely understood how to use a password.<ref>{{cite web |last1=Hunt |first1=Troy |title=Here's Why <nowiki>[Insert Thing Here]</nowiki> Is Not a Password Killer |url=https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/ |access-date=24 March 2019 |date=5 November 2018}}</ref> On computer systems, passwords have been used since at least the early 1960s.<ref name="McMillan 2012">{{cite magazine |last1=McMillan |first1=Robert |title=The World's First Computer Password? It Was Useless Too |url=https://www.wired.com/2012/01/computer-password/ |magazine=[[Wired magazine]] |access-date=22 March 2019 |date=27 January 2012}}</ref><ref name="Hunt 2017">{{cite web |last1=Hunt |first1=Troy |title=Passwords Evolved: Authentication Guidance for the Modern Era |url=https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/ |access-date=22 March 2019 |date=26 July 2017}}</ref> More generally, passwords have been used since ancient times.<ref>{{Cite journal |last=Malempati |first=Sreelatha |last2=Mogalla |first2=Shashi |date=2011-07-31 |title=An Ancient Indian Board Game as a Tool for Authentication |url=http://www.airccse.org/journal/nsa/0711ijnsa14.pdf |journal=International Journal of Network Security & Its Applications |volume=3 |issue=4 |pages=154–163 |doi=10.5121/ijnsa.2011.3414}}</ref>

In 2012, Bonneau et al. evaluated two decades of proposals to replace passwords by systematically comparing web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security.<ref>{{cite journal |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C. van |last4=Stajano |first4=Frank |title=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |journal=Technical Report - University of Cambridge. Computer Laboratory |url=https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html |publisher=University of Cambridge Computer Laboratory |access-date=22 March 2019 |location=Cambridge, UK |date=2012 |doi=10.48456/tr-817 |issn=1476-2986}}</ref> (The cited technical report is an extended version of the peer-reviewed paper by the same name.<ref>{{cite conference |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C. van |last4=Stajano |first4=Frank |title=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |conference=2012 IEEE Symposium on Security and Privacy|location=San Francisco, CA |date=2012 |pages=553–567 |doi=10.1109/SP.2012.44|citeseerx=10.1.1.473.2241 }}</ref>) They found that most schemes do better than passwords on security while ''every'' scheme does worse than passwords on deployability. In terms of usability, some schemes do better and some schemes do worse than passwords.

Google used the evaluation framework of Bonneau et al. to compare security keys to passwords and one-time passwords.<ref>{{cite web |last1=Lang |first1=Juan |last2=Czeskis |first2=Alexei |last3=Balfanz |first3=Dirk |last4=Schilder |first4=Marius |last5=Srinivas |first5=Sampath |title=Security Keys: Practical Cryptographic Second Factors for the Modern Web |url=http://fc16.ifca.ai/preproceedings/25_Lang.pdf |archive-url=https://ghostarchive.org/archive/20221009/http://fc16.ifca.ai/preproceedings/25_Lang.pdf |archive-date=2022-10-09 |url-status=live |publisher=Financial Cryptography and Data Security 2016 |access-date=26 March 2019 |date=2016}}</ref> They concluded that security keys are more usable and deployable than one-time passwords, and more secure than both passwords and one-time passwords.