Is it too late for PAKE?


We revisit the idea of applying Password Authenticated Key Exchange (PAKE) protocols to web authentication. A PAKE protocol is a cryptographic protocol that allows two parties who share knowledge of a password to mutually authenticate each other and establish a shared key, without explicitly revealing the password in the process. One hope for PAKE-based web authentication is that it makes it easier for users to authenticate websites and reduces the attack surface for social engineering attacks against their accounts.
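To make the property described above concrete, here is an added example (written for this page, not code from the paper or its authors) of an SRP-6a-style PAKE login in Python, with both sides simulated in one process. It uses the 1024-bit safe-prime group from RFC 5054 and SHA-256; the message layout, the key-confirmation messages `M1`/`M2`, the helper names (`run_login`, `private_x`, `register`) and the sample identity and passwords are all constructed for this illustration and are not wire-compatible with TLS-SRP. The point it shows is the one the abstract states: the server holds only a verifier, the password never leaves the client, both sides derive the same key only when the password matches, and each side ends up with evidence that the other knew it.

```python
import hashlib
import secrets

# Group parameters: the 1024-bit safe-prime group from RFC 5054, Appendix A, with g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
GROUP_BYTES = (N.bit_length() + 7) // 8


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases; enough to sanity-check a group prime."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(n: int) -> bool:
    """Both N and (N-1)/2 must be prime; a bad group is the first thing to check."""
    return is_probable_prime(n) and is_probable_prime((n - 1) // 2)


def pad(x: int) -> bytes:
    return x.to_bytes(GROUP_BYTES, "big")


def H(*parts: bytes) -> int:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return int.from_bytes(h.digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(identity: str, password: str, salt: bytes) -> int:
    return H(salt, hashlib.sha256(f"{identity}:{password}".encode()).digest())


def register(identity: str, password: str):
    """Enrolment: the server stores (salt, verifier v = g^x), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(identity, password, salt), N)


def run_login(identity: str, enrolled_password: str, typed_password: str) -> dict:
    """Play client and server for one login; return what each side concluded."""
    salt, v = register(identity, enrolled_password)

    # Client -> Server: identity, A = g^a
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    if A % N == 0:
        raise ValueError("illegal client value A")

    # Server -> Client: salt, B = k*v + g^b
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    u = H(pad(A), pad(B))
    if B % N == 0 or u == 0:
        raise ValueError("illegal server value B or scrambling parameter u")

    # Client: S = (B - k*g^x)^(a + u*x); the typed password never leaves the client.
    x = private_x(identity, typed_password, salt)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = hashlib.sha256(pad(S_client)).digest()

    # Server: S = (A * v^u)^b, computed from the stored verifier only.
    S_server = pow(A * pow(v, u, N) % N, b, N)
    K_server = hashlib.sha256(pad(S_server)).digest()

    # Key confirmation: client proves K first; server answers only if it matched.
    M1 = hashlib.sha256(pad(A) + pad(B) + K_client).digest()
    server_accepts = secrets.compare_digest(M1, hashlib.sha256(pad(A) + pad(B) + K_server).digest())
    M2 = hashlib.sha256(pad(A) + M1 + K_server).digest() if server_accepts else b""
    client_accepts = secrets.compare_digest(M2, hashlib.sha256(pad(A) + M1 + K_client).digest())

    return {"keys_match": K_client == K_server,
            "server_accepts": server_accepts,
            "client_accepts": client_accepts}


if __name__ == "__main__":
    assert is_safe_prime(N)
    print(run_login("alice", "correct horse", "correct horse"))  # all True
    print(run_login("alice", "correct horse", "wrong horse"))    # all False
```

`server_accepts` is what a web login would gate on; `client_accepts` is the mutual-authentication half, which is what the abstract means by users being able to authenticate the website: a server that does not hold the verifier cannot produce a valid `M2`, so a phishing page learns nothing usable from a login attempt against it. A deployment would use the standardized padding and hashing of RFC 5054 or a modern augmented PAKE such as OPAQUE rather than this sketch.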


Engler, J.; Karlof, C.; Shi, E.; Song, D. PAKE-based web authentication: the good, the bad and the hurdles. IEEE Web 2.0 Security and Privacy Workshop; 2009 May 21; Oakland, CA.