Leakage-resilient Password Entry: Challenges, Design, and Evaluation
Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage resilience but also retains most usability benefits of legacy passwords. Its practicability is further verified by an extended user study.
User authentication, Password leakage, Leakage-resilience password entry, Mobile devices, One-time password
Computer Sciences | Information Security
Computers and Security
YAN, Qiang; HAN, Jin; LI, Yingjiu; ZHOU, Jianying; and DENG, Robert H..
Leakage-resilient Password Entry: Challenges, Design, and Evaluation. (2015). Computers and Security. 48, 196-211. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/2530