Authentication Reset Methods of Web Services
Many Web services we use nowadays concern important assets such as confidential information (email, health data, etc.) or money (online banking, shopping, etc.). This makes authentication to these services critical, and service providers are constantly improving it, for example with two-factor and/or biometric authentication. However, as people can lose or forget an authentication credential, all services offer a way to reset the authentication, for example a "forgot my password" option in the case of password authentication. As this reset method usually requires only little information from the claimed user, it can be misused to circumvent the (strong) main authentication.
The task of this thesis is to study the authentication/password reset methods used by popular Web services, to analyze their security, and to develop and implement a secure authentication reset method.