The use of passwords is a major point of vulnerability in computer security, as passwords are often easy to guess by automated programs running dictionary attacks. Passwords remain the most widely used authentication method despite their well-known security weaknesses. User authentication is clearly a practical problem. From the perspective of a service provider this problem needs to be solved within real-world constraints such as the available hardware and software infrastructures. From a user's perspective user-friendliness is a key requirement.

In this paper we suggest a novel authentication scheme that preserves the advantages of conventional password authentication, while simultaneously raising the costs of online dictionary attacks by orders of magnitude. The proposed scheme is easy to implement and overcomes some of the difficulties of previously suggested methods of improving the security of user authentication schemes.

Our key idea is to efficiently combine traditional password authentication with a challenge that is very easy to answer by human users, but is (almost) infeasible for automated programs attempting to run dictionary attacks. This is done without affecting the usability of the system. The proposed scheme also provides better protection against denial of service attacks against user accounts.