Sciweavers

USS
2008

Panic Passwords: Authenticating under Duress

14 years 1 months ago
Panic Passwords: Authenticating under Duress
Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a `regular' and a `panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios.
Jeremy Clark, Urs Hengartner
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Jeremy Clark, Urs Hengartner
Comments (0)