Verified Password Generation from Password Composition Policies
Authors
Abstract
Password managers (PMs) are important tools that enable the use of stronger passwords, freeing users from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust PMs. In this paper, we focus on a feature that most PMs offer that might impact the user’s trust, which is the process of generating a random password. We present three commonly used algorithms and propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt to specify and verify our reference implementation. In addition, we present a proof-of-concept prototype that extends Bitwarden to only generate compliant passwords, solving a frequent users’ frustration with PMs. This demonstrates that our component can be integrated into an existing (and widely used) PM.
Similar resources
Rethinking Password Policies
“In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. ...
Full text
Improving Usability of Password Management with Standardized Password Policies
Recent studies indicate that many users have difficulties managing online passwords for the increasing number of accumulated accounts. As a result, users often adopt strategies to simplify password management, such as selecting weak passwords and reusing passwords across multiple accounts, which unfortunately can cause security vulnerabilities. This problem is exacerbated by the fact that users...
Full text
Personalizing Password Policies and Strength Feedback
To make users pick stronger passwords, service providers utilize password policies and password creation feedback while the user types inside password fields. Those two techniques often fail to achieve this primary goal. In this position paper, we argue that a personalized version of policies and strength meters are worth investigating. Putting individuals into the center of attention rather tha...
Full text
A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016
In this paper we present a replication and extension of the study performed by Florêncio and Herley published at SOUPS 2010. They investigated a sample of US websites, examining different website features’ effects on the strength of the website’s password composition policy (PCP). Using the same methodology as in the original study, we re-investigated the same US websites to identify difference...
Full text
Password Visualization beyond Password Masking
When entering a password (or other secrets) the typed input is most commonly masked, i.e. the characters are hidden behind bullets or asterisks. This, however, complicates the input and highly decreases the user’s confidence, causing several issues such as login failure attempts. On the other hand, password masking is an important security requirement for a lot of applications and contexts to pre...
Full text
Journal
Journal title: Lecture Notes in Computer Science
Year: 2022
ISSN: 1611-3349, 0302-9743
DOI: https://doi.org/10.1007/978-3-031-07727-2_15