Publication Type
Journal Article
Version
acceptedVersion
Publication Date
2-2015
Abstract
Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage resilience but also retains most usability benefits of legacy passwords. Its practicability is further verified by an extended user study.
Keywords
User authentication, Password leakage, Leakage-resilience password entry, Mobile devices, One-time password
Discipline
Computer Sciences | Information Security
Research Areas
Cybersecurity
Publication
Computers and Security
Volume
48
First Page
196
Last Page
211
ISSN
0167-4048
Identifier
10.1016/j.cose.2014.10.008
Publisher
Elsevier
Citation
YAN, Qiang; HAN, Jin; LI, Yingjiu; ZHOU, Jianying; and DENG, Robert H.
Leakage-resilient password entry: Challenges, design, and evaluation. (2015). Computers and Security. 48, 196-211.
Available at: https://ink.library.smu.edu.sg/sis_research/2530
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1016/j.cose.2014.10.008