Title

Leakage-resilient Password Entry: Challenges, Design, and Evaluation

Publication Type

Journal Article

Publication Date

2-2015

Abstract

Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage resilience but also retains most usability benefits of legacy passwords. Its practicability is further verified by an extended user study.

Keywords

User authentication, Password leakage, Leakage-resilience password entry, Mobile devices, One-time password

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

Computers and Security

Volume

48

First Page

196

Last Page

211

ISSN

0167-4048

Identifier

10.1016/j.cose.2014.10.008

Publisher

Elsevier

Additional URL

http://dx.doi.org/10.1016/j.cose.2014.10.008