Using hash visualization for real-time user-governed password validation
Mensch und Computer 2019 - Workshopband
MCI-WS08: 5. Usable Security und Privacy Workshop
Gesellschaft für Informatik e.V.
Building upon work by Perrig & Song, we propose a novel hash visualization algorithm and examine its usefulness for user-governed password validation in real time. In contrast to network-based password authentication and the security best practices that have been developed with that paradigm in mind, we are concerned with use cases that require user-governed password validation in non-networked, untrusted contexts, i.e. to allow a user to verify that they have typed their password correctly without ever storing a record of the correct password between sessions (not even a hash). To that end, we showcase a newly designed hash visualization algorithm named MosaicVisualHash and describe how hash visualization algorithms can be used to perform user-governed password validation. We also provide a set of design recommendations for systems where hash visualization for password validation is performed in real time, i.e. as the user is in the process of typing their password.