Panic Passwords: Authenticating under Duress
Author(s): Jeremy Clark, Urs Hengartner

Date: July 2008
Publication: The 3rd USENIX Workshop on Hot Topics in Security, HotSec '08
Publisher: USENIX
Source 1: http://usenix.org/legacy/events/hotsec08/tech/full_papers/clark/clark.pdf
Source 2: http://users.encs.concordia.ca/~clark/papers/2008_hotsec.pdf

Abstract or Summary:
Panic passwords allow a user to signal duress during authentication. We show that the well-known model of giving a user two passwords, a 'regular' and a 'panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. We expand this threat model significantly, making explicit assumptions and tracking four parameters. We also introduce several new panic password systems to address new categories of scenarios.



Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com