Abstract or Summary:
In spite of well known vulnerabilities, password based authentication is still widely used. One possible improvement is to use long passphrases. But unfortunately, the longer passphrases are, the more likely users mis-stroke. To make matters worse, since user-authentication interfaces are usually implemented without echo-back of stroked characters, users do not notice their mis-strokes before they finish the long inputs. In order to solve this problem, this paper proposes an echo back scheme; the monitor displays a chain of hashed values instead of asterisks. Its effect is studied in terms of expected number of total strokes. The study suggests an optimal strategy for the chaining and echo-back. It is also suggested that we can use the same strategy without customizing it. As an extension, image-based echoes are discussed as well.