Using hash visualization for real-time user-governed password validation

Building upon work by Perrig & Song [21], we propose a novel hash visualization algorithm and examine its usefulness for user-governed password validation in real time. In contrast to network-based password authentication and the best practices for security which have been developed with that paradigm in mind, we are concerned with use cases that require user-governed password validation in nonnetworked untrusted contexts, i.e. to allow a user to verify that they have typed their password correctly without ever storing a record of the correct password between sessions (not even a hash). To that end, we showcase a newly designed hash visualization algorithm named MosaicVisualHash and describe how hash visualization algorithms can be used to perform user-governed password validation. We also provide a set of design recommendations for systems where hash visualization for password validation is performed in real time, i.e. as the user is in the process of typing their password.

Fietkau, Julian; Balthasar, Mandy (2019): Using hash visualization for real-time user-governed password validation. Mensch und Computer 2019 - Workshopband. DOI: 10.18420/muc2019-ws-302-04. Bonn: Gesellschaft für Informatik e.V.. MCI-WS08: 5. Usable Security und Privacy Workshop. Hamburg. 8.-11. September 2019

Schlagwörter

hash visualization , image recognition , password masking , usable security , authentication , human-computer interaction

DOI

10.18420/muc2019-ws-302-04

Sammlungen

Workshopband MuC 2019

Komplettanzeige

Using hash visualization for real-time user-governed password validation

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen