On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principals and Usability

Author(s): Qiang Yan, Jin Han, Yingjiu Li and Robert H. Deng

Download: Paper (PDF)

Date: 6 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012

Abstract:

Designing leakage-resilient password systems (LRPSs) for unaided users (e.g. against shoulder-surfing or key logger) remains a challenge today despite two decades of intensive research. This paper demonstrates that most existing LRPSs suffer from two generic attacks. We introduce five design principles accordingly and propose a quantitative analysis framework on the usability costs of LRPSs.