Access to systems that need protection is usually restricted by asking the user to prove her identity and to authenticate. The combination of a user name and password (or PIN) is the most common technique used for this purpose. Unfortunately, authentication based on a user name and password is vulnerable to various types of password guessing attacks. Some techniques that make password guessing very difficult do exist. With these techniques, policies requiring very strong passwords can be avoided; however, they usually rely on manual intervention by the security administrator to reset the passwords. In large enterprises, such manual steps make dealing with password issues a significant expense. Here we present a novel technique that uses a State Based Authentication method to significantly increase the cost of brute-force and dictionary attacks on passwords. When deployed, it has the potential to reduce the cost of the password helpdesk significantly by eliminating the need for most password-reset requests.