Leakage-resilient password entry: Challenges, design, and evaluation
Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2015
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2530 https://ink.library.smu.edu.sg/context/sis_research/article/3530/viewcontent/Leakage_resilient_Password_Entry_2015_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3530 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-35302020-04-27T09:26:58Z Leakage-resilient password entry: Challenges, design, and evaluation YAN, Qiang HAN, Jin LI, Yingjiu ZHOU, Jianying DENG, Robert H. Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage resilience but also retains most usability benefits of legacy passwords. Its practicability is further verified by an extended user study. 2015-02-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2530 info:doi/10.1016/j.cose.2014.10.008 https://ink.library.smu.edu.sg/context/sis_research/article/3530/viewcontent/Leakage_resilient_Password_Entry_2015_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University User authentication Password leakage Leakage-resilience password entry Mobile devices One-time password Computer Sciences Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
User authentication Password leakage Leakage-resilience password entry Mobile devices One-time password Computer Sciences Information Security |
| spellingShingle |
User authentication Password leakage Leakage-resilience password entry Mobile devices One-time password Computer Sciences Information Security YAN, Qiang HAN, Jin LI, Yingjiu ZHOU, Jianying DENG, Robert H. Leakage-resilient password entry: Challenges, design, and evaluation |
| description |
Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage resilience but also retains most usability benefits of legacy passwords. Its practicability is further verified by an extended user study. |
| format |
text |
| author |
YAN, Qiang HAN, Jin LI, Yingjiu ZHOU, Jianying DENG, Robert H. |
| author_facet |
YAN, Qiang HAN, Jin LI, Yingjiu ZHOU, Jianying DENG, Robert H. |
| author_sort |
YAN, Qiang |
| title |
Leakage-resilient password entry: Challenges, design, and evaluation |
| title_short |
Leakage-resilient password entry: Challenges, design, and evaluation |
| title_full |
Leakage-resilient password entry: Challenges, design, and evaluation |
| title_fullStr |
Leakage-resilient password entry: Challenges, design, and evaluation |
| title_full_unstemmed |
Leakage-resilient password entry: Challenges, design, and evaluation |
| title_sort |
leakage-resilient password entry: challenges, design, and evaluation |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2015 |
| url |
https://ink.library.smu.edu.sg/sis_research/2530 https://ink.library.smu.edu.sg/context/sis_research/article/3530/viewcontent/Leakage_resilient_Password_Entry_2015_av.pdf |
| _version_ |
1770572478949621760 |