CombinedPWD: A New Password Authentication Mechanism Using Separators Between Keystrokes

Zheng, Wantong; Jia, Chunfu

doi:10.1109/cis.2017.00129

Cited by 11 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An online password mechanism named "Combined-PWD" that inserts blanks into passwords can resist brute force attacks and dictionary attacks effectively [215]. During registration, users can choose to set specified characters or blanks anywhere in the passwords string.…”

Section: Challenge Questionsmentioning

confidence: 99%

Attacks and defenses in user authentication systems: A survey

Wang

Yan

Zhang

et al. 2021

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Section: Challenge Questionsmentioning

confidence: 99%

Attacks and defenses in user authentication systems: A survey

Wang

Yan

Zhang

et al. 2021

Journal of Network and Computer Applications

View full text Add to dashboard Cite

“…This trend can be seen in the rise of two-factor or multi-factor authentication, colloquially known as 2FA and MFA respectively [ 10 , 11 , 12 , 13 ]. However, the rise of padding front-end authentication portals with such techniques has led to inflated user responsibilities without as great of security as is thought; these methods help protect against front-facing brute-forcing and dictionary attacks, but often do not add any additional layers of protection to more common forms of cyber-attacks, such as phishing, man-in-the-middle (MiTM), or replay attacks [ 7 , 8 , 12 , 14 , 15 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

“…Other countermeasures include reactive password checking, heightened access control, stronger password hashing and salting, and complex, generated passwords [ 8 , 16 ]. Most of these countermeasures are focused on padding the security of alphanumeric passwords however [ 15 ]. A large body of research has been done in an attempt to replace these as well; the most common of these proposals include either biometric or graphical alternatives to alphanumeric passwords [ 8 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

show abstract

“…These attacks include among others the Phishing, Man-in-the-Middle, etc. Zheng and Jia [27] suggest the use of separators between keystrokes to address the leaked password issues. This means that the blank space is inserted within the password for better authentications.…”

Section: 2password Biometric Authenticationmentioning

confidence: 99%

A survey of biometric approaches of authentication

Yusuf¹,

Marafa²,

Shehu³

et al. 2020

IJACR

View full text Add to dashboard Cite

Information security refers to a means of preventing unauthorized users from access to information. Risk management usually adopts in information security to provide solutions to security challenges by minimizing risks.Risk can be minimized by administrative control and defense mechanisms. Access control can also enforce the user right access and thereby minimizing risks. Authentication is one of the techniques used in access control systems to protect unauthorized access. Many approaches for authentication have been proposed to address security challenges. These approaches have a conflict with the system usability and therefore required the modification of tradition password techniques for better solutions. Information Authentication is the common method used by security experts to verify the users' identities before getting access right into the system. Access controls are enforced for all users, irrespective of categories they belong. Traditional authentication methods [1] were enough to protect the unauthorized access right as many security breaches were reported. Therefore, advanced security methods that are based on human features required.

show abstract

CombinedPWD: A New Password Authentication Mechanism Using Separators Between Keystrokes

Cited by 11 publications

References 11 publications

Attacks and defenses in user authentication systems: A survey

Attacks and defenses in user authentication systems: A survey

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

A survey of biometric approaches of authentication

Contact Info

Product

Resources

About