A Dynamic Method and Program for Multiple Password Generation and Management

Abstract

Authentication is a process that users must do first to gain access to the websites/services they receive service from. Today, the most common method used for authentication is still text-based passwords. But, some difficulties/problems are encountered in the use of passwords for authentication. One of the difficulties is that users must use a separate and strong (cannot be guessed easily and hard to remember) password for each different website. Unfortunately, rather than using distinct passwords, users generally prefer to use the same password or similar passwords for different services. This leads to security vulnerabilities. Therefore, there is a need for a method/program that will enable easy and secure management of many strong passwords. In this study, a dynamic method and program is proposed to solve this problem. This method and program, inspired by the Chinese Remainders Theorem (CRT), simplifies the generation and management of multiple passwords. With this program, many individual passwords can be generated from a single unique password. Both the unique password and the individual passwords are not stored anywhere. The only thing users need to remember is the unique password, and in our method, long but easy-to-remember unique passwords can be used safely. Although inspired by the CRT, our method is not based on the CRT. CRT is only used in the security analysis of our method.

Keywords

• password
• password management
• password generation
• chinese remainder theorem
• authentication

References

1. W. A. S. A. Alothman, “Evaluating Passwords User Behavior and the Psychology of Password Management”, International Journal of Engineering and Computer Science, 8(04), 24586–24602, 2019.
2. E. Stobert, R. Biddle, “The password life cycle”, ACM Transactions on Privacy and Security (TOPS), 21(3), 1-32, 2018.
3. P. Arias-Cabarcos, et. al., “Comparing password management software: toward usable and secure enterprise authentication”, IT Professional, 18(5), 34-40, 2016.
4. Y. Y. Choong, “A cognitive-behavioral framework of user password management lifecycle”, In International Conference on Human Aspects of Information Security, Privacy, and Trust, Springer, Cham, 127-137, June 2014.
5. E. Stobert, R. Biddle, “Expert password management”, In International Conference on Passwords, Springer, Cham, 3-20, December 2015.
6. B. E. Ur, Supporting password-security decisions with data, PhD Thesis, Carnegie Mellon University, 2016.
7. C. Shen, et. al., “User practice in password security: An empirical study of real-life passwords in the wild”, Computers & Security, 61, 130-141, 2016.
8. A. H. Karp, Site-specific passwords, HP Laboratories, Palo Alto, Tech. Rep., May 2003.

9. J. A. Halderman, B. Waters, E. W. Felten, “A convenient method for securely managing passwords”, In Proceedings of the 14th international conference on World Wide Web, 471-479, May 2005.
10. R. Wolf, M. Schneider, The passwordsitter, Fraunhofer Institute for Secure Information Technology (SIT), Tech. Rep., May 2006.
11. K. P. Yee, K. Sitaker, “Passpet: Convenient password management and phishing protection”, In Proceedings of the second symposium on Usable privacy and security, 32-43, July 2006.
12. M. Mannan, P. C. van Oorschot, “Passwords for both mobile and desktop computers: ObPwd for Firefox and Android”, USENIX ;login, 37(4), 28–37, 2012.
13. M. Horsch, A. Hülsing, J. A. Buchmann, “PALPAS — passwordless password synchronization”, In 2015 10th International Conference on Availability, Reliability and Security, 30-39, August 2015.
14. F. Al Maqbali, C. J. Mitchell, “AutoPass: An automatic password generator”, In 2017 International Carnahan Conference on Security Technology (ICCST), 1-6, IEEE, October 2017.
15. A. Abdellaoui, Y. I. Khamlichi, H. Chaoui, “A novel strong password generator for improving cloud authentication”, Procedia Computer Science, 85, 293-300, 2016.
16. S. Panda, S. Mondal, “drPass: A Dynamic and Reusable Password Generator Protocol”, In International Conference on Information Systems Security, 407-426, Springer, Cham, December 2018.
17. Internet: RndPhrase, https://rndphrase.appspot.com/, 09.11.2021.
18. Internet: PwdHash port, https://addons.opera.com/en-gb/extensions/details/pwdhash-port/, 09.11.2021.
19. B. Ross, et. al., “Stronger Password Authentication Using Browser Extensions”, In USENIX Security Symposium, 17-32, August 2005.
20. Internet: Password generator, https://goo.gl/SNVtJY, 09.11.2021.
21. Internet: Lastpass, https://www.lastpass.com/, 09.11.2021.
22. Internet: KeePass, https://keepass.info/, 09.11.2021.
23. Internet: Dashlane, https://www.dashlane.com/, 09.11.2021.
24. Internet: 1Password, https://1password.com/, 09.11.2021.
25. P. Arias-Cabarcos et al., “Blended Identity: Pervasive IdM for Continuous Authentication”, IEEE Security & Privacy, 13(3), 32–39, 2015.
26. P. Arias-Cabarcos, et. al., “Comparing password management software: toward usable and secure enterprise authentication”, IT Professional, 18(5), 34-40, 2016.
27. N. Katuk, et. al., “Can single sign-on improve password management? A focus group study”, Pattern Analysis, Intelligent Security and the Internet of Things, Advances in Intelligent Systems and Computing, 85-93, Springer, Cham, 2015.
28. C. Asmuth, J. Bloom, “A modular approach to key safeguarding”, IEEE transactions on information theory, 29(2), 208-210, 1983.
29. S. Iftene, “General Secret Sharing Based on the Chinese Remainder Theorem with Applications in E-Voting”, Electronic Notes in Theoretical Computer Science (ENTCS), 186, 67–84, 2007.
30. J. C. Patra, A. Karthik, C. Bornand, “A novel CRT-based watermarking technique for authentication of multimedia contents”, Digital Signal Processing, 20, 442-453, 2010.
31. S. K. Kim, et. al., “An efficient CRT-RSA algorithm secure against power and fault attacks”, The Journal of Systems and Software, 84(10), 1660-1669, 2011.
32. K. Kaya, A. A. Selçuk, “Sharing DSS by the Chinese Remainder Theorem”, Journal of Computational and Applied Mathematics, 259, 495-502, 2014.