Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes

In web authentication, the many password alternatives proposed over the years, despite having different designs and objectives, all predominantly rely on an element of secrecy. This motivates us, herein, to provide the first detailed exploration of the integration of a fundamentally different element of defense into the design of web authentication schemes: a mimicry-resistance dimension. We analyze web authentication mechanisms with respect to new properties related to mimicry-resistance, and in particular evaluate invisible techniques that provide some mimicry-resistance (unlike those relying solely on static secrets), including device fingerprinting schemes, PUFs (physically unclonable functions), and a subset of Internet geolocation mechanisms.