Panic Passwords: Authenticating under Duress
Date: July 2008
Publication: The 3rd USENIX Workshop on Hot Topics in Security, HotSec '08
Source 1: http://usenix.org/legacy/events/hotsec08/tech/full_papers/clark/clark.pdf
Source 2: http://users.encs.concordia.ca/~clark/papers/2008_hotsec.pdf
Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a 'regular' and a 'panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.