Trevor Smith, Brigham Young University; Scott Ruoti, MIT Lincoln Laboratory; Kent Seamons, Brigham Young University
Password authentication is the most prevalent form of authentication; however, passwords have numerous usability issues. For example, due to the large number and high complexity required of passwords, users frequently reuse and choose weak passwords. One way to address these problems is to centralize password management by using a password manager or single sign-on. While this centralizing approach can improve a user's security, it also magnifies the damage caused by a compromise of the user's master password. In this paper, we describe a new approach to enhance centralized password management using application-specific passwords. This approach prevents the compromise of a master password from immediately compromising all associated applications and instead, requires the attacker to conduct further online attacks against individual applications. We detail ve possible system designs for application-specific passwords and describe our plans for user studies to test the acceptance and usability of this approach.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
title = {Augmenting Centralized Password Management with {Application-Specific} Passwords},
booktitle = {Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017)},
year = {2017},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/soups2017/workshop-program/way2017/smith},
publisher = {USENIX Association},
month = jul
}
