Using hash visualization for real-time user-governed password validation (conference_proceedings)

Year of publication: 2019

Author(s): Fietkau, Julian; Balthasar, Mandy

Abstract:

Building upon work by Perrig & Song [21], we propose a novel hash visualization algorithm and examine its usefulness for user-governed password validation in real time. In contrast to network-based password authentication and the best practices for security which have been developed with that paradigm in mind, we are concerned with use cases that require user-governed password validation in non-networked untrusted contexts, i.e. to allow a user to verify that they have typed their password correctly without ever storing a record of the correct password between sessions (not even a hash). To that end, we showcase a newly designed hash visualization algorithm named MosaicVisualHash and describe how hash visualization algorithms can be used to perform user-governed password validation. We also provide a set of design recommendations for systems where hash visualization for password validation is performed in real time, i.e. as the user is in the process of typing their password.

Full reference:

Fietkau, J., & Balthasar, M. (2019). Using hash visualization for real-time user-governed password validation. In Proc. Mensch und Computer 2019 - Workshopband (pp. 240-247). doi:10.18420/muc2019-ws-302-04

Keywords:

authentication, hash visualization, human-computer interaction, image recognition, password masking, usable security

DOI: 10.18420/muc2019-ws-302-04
