Show simple item record

dc.contributor.authorHorsch, Moritz
dc.contributor.authorSchlipf, Mario
dc.contributor.authorHaas, Stefan
dc.contributor.authorBraun, Johannes
dc.contributor.authorBuchmann, Johannes
dc.contributor.editorHühnlein, Detlef
dc.contributor.editorRoßnagel, Heiko
dc.contributor.editorSchunck, Christian H.
dc.contributor.editorTalamo, Maurizio
dc.date.accessioned2017-06-20T11:39:37Z
dc.date.available2017-06-20T11:39:37Z
dc.date.issued2016
dc.identifier.isbn978-3-88579-658-9
dc.identifier.issn1617-5468
dc.description.abstractPassword-based authentication is the most widely used authentication scheme for granting access to user accounts on the Internet. Despite this, there exists no standard implementation of passwords by services. They have different password requirements as well as interfaces and procedures for login, password change, and password reset. This situation is very challenging for users and often leads to the choice of weak passwords and prevents security-conscious behavior. Furthermore, it prevents the development of applications that provide a fully-fledged assistance for users in securely generating and managing passwords. In this paper, we present a solution that bridges the gap between the different password implementations on the service-side and applications assisting users with their passwords on the client-side. First, we introduce the Password Policy Markup Language (PPML). It enables a uniformly specified Password Policy Description (PPD) for a services. A PPD describes the password requirements as well as password interfaces and procedures of a service and can be processed by applications. It enables applications to automatically (1) generate passwords in accordance with the password requirements of a service, (2) perform logins, (3) change passwords, and (4) reset passwords. Second, we present a prototypical password manager which uses PPDs and is capable of generating and completely managing passwords on behalf of users.
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-264
dc.titlePassword Policy Markup Language
dc.typeText/Conference Paper
dc.pubPlaceBonn
mci.reference.pages135-147
mci.conference.locationRome, Italy
mci.conference.date13.-14. October 2016


Files in this item

Thumbnail

Show simple item record