Poster: Secure Storage of Masked Passwords

AutorMayer, Peter; Volkamer, Melanie
ArtConference Proceedings
AbstraktPasswords are used to secure our daily digital lives. Some websites on the Internet use a technique called masked passwords to combat observation attacks (e.g. keyloggers or shoulder-surfers). This technique requires the users to enter only a random subset of the characters of their password, thus preventing an observer to capture the entire password. However, to verify the individual characters, the password must be stored as plaintext or reversibly encrypted on the website's servers. In this work, we present a method, which allows storing the users' passwords in hashed form when using masked passwords.
InIEEE European Symposium on Security and Privacy Posters