Panic Passwords: Authenticating under Duress
Date: July 2008 Publication: The 3rd USENIX Workshop on Hot Topics in Security, HotSec '08 Publisher: USENIX Source 1: http://usenix.org/legacy/events/hotsec08/tech/full_papers/clark/clark.pdf Source 2: http://users.encs.concordia.ca/~clark/papers/2008_hotsec.pdf Abstract or Summary:
Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a 'regular' and a 'panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |