Echo Back in Implementation of Passphrase Authentication
Date: September 2001
Publication: Proceedings of the 2001 International Workshop on Cryptology and Network Security
Page(s): 238 - 245
Source 1: http://imailab-www.iis.u-tokyo.ac.jp/Members/kanta/taiwan01cr.pdf
Abstract or Summary:
In spite of well known vulnerabilities, password based authentication is still widely used. One possible improvement is to use long passphrases. But unfortunately, the longer passphrases are, the more likely users mis-stroke. To make matters worse, since user-authentication interfaces are usually implemented without echo-back of stroked characters, users do not notice their mis-strokes before they finish the long inputs. In order to solve this problem, this paper proposes an echo back scheme; the monitor displays a chain of hashed values instead of asterisks. Its effect is studied in terms of expected number of total strokes. The study suggests an optimal strategy for the chaining and echo-back. It is also suggested that we can use the same strategy without customizing it. As an extension, image-based echoes are discussed as well.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.