Poster: Secure Storage of Masked Passwords

AuthorMayer, Peter; Volkamer, Melanie
TypeConference Proceedings
AbstractPasswords are used to secure our daily digital lives. Some websites on the Internet use a technique called masked passwords to combat observation attacks (e.g. keyloggers or shoulder-surfers). This technique requires the users to enter only a random subset of the characters of their password, thus preventing an observer to capture the entire password. However, to verify the individual characters, the password must be stored as plaintext or reversibly encrypted on the website's servers. In this work, we present a method, which allows storing the users' passwords in hashed form when using masked passwords.
InIEEE European Symposium on Security and Privacy Posters