On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principles and Usability
Download: Paper (PDF)
Date: 6 Feb 2012
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2012
Designing leakage-resilient password systems (LRPSs) for unaided users (e.g., against shoulder-surfing or key loggers) remains a challenge today despite two decades of intensive research. This paper demonstrates that most existing LRPSs suffer from two generic attacks. We introduce five design principles accordingly and propose a quantitative analysis framework on the usability costs of LRPSs.