Øpass: Zero-storage Password Management Based on Password Reminders

Autor: Tzagarakis, Giannis, Papadopoulos, Panagiotis, Chariton, Antonios A., Athanasopoulos, Elias, Markatos, Evangelos P.
Přispěvatelé: Markatos, Evangelos P. [0000-0003-3563-7733], Athanasopoulos, Elias [0000-0002-8759-3261]
Rok vydání: 2018
Předmět:
Zdroj: Proceedings of the 11th European Workshop on Systems Security
Proceedings of the 11th European Workshop on Systems Security-EuroSec18
Proceedings of the 11th European Workshop on Systems Security -EuroSec'18
EuroSec@EuroSys
Popis: A plethora of Internet services and applications require user authentication. Although many alternatives have been proposed, and despite the significant advancement in attackers' capabilities to perform password cracking, the most attractive authentication technology today, is still text-based passwords. The last years, there is a rapid increase in the number of web services a user accesses in their everyday life. Most of these services (e.g., online shops, OSNs, chat clients, etc.) require their very own password, thus increasing the burden of password management on the user side. In this paper, we propose Øpass, a novel system that combines ideas from existing authentication methods, to offer a user-friendly mechanism to securely maintain accounts. Øpass works as a password manager, but it requires zero storage for the passwords: no password will ever get stored either in the user's device, or in a third-party database. We implement Øpass as an extension for the popular Google Chrome browser, and we evaluate it by using the popular business-oriented social networking service LinkedIn. Early results from our performance tests show that Øpass, using a proactive strategy, can achieve more than 2 orders of magnitude better performance than the current state-of-the-art authentication mechanism.
Databáze: OpenAIRE
Externí odkaz: