Fluidpasswords - Mitigating the Effects of Password Leaks at User Level
Abstract
Password leaks have been frequently reported in the recent years, with many big companies such as Sony, Amazon, LinkedIn, and Walmart falling victim to breaches involving the release of customer information. Even though passwords are usually stored securely in a salted hash, the availability of powerful password cracking platforms have still enabled attackers to crack passwords. And with the increase in on-line infrastructure, attackers have an easier time than ever breaking into business databases. Therefore, we need better password protection at the user level, and ideally one that does not cost users any additional effort. We know that the adverse effects of a user's password being guessed can be mitigated by changing the user's password. Therefore, we introduce a simple yet powerful algorithm to reset user account passwords automatically, while still allowing users to authenticate, without any additional effort on their part. We implemented our algorithm in a Firefox Add-on that automatically resets a user�s password when they log in to their account, and stores the new password in password manager.
Collections
- OSU Theses [15752]