Systematic Solutions to Login and Authentication Security: A Dual-Password Login-Authentication Mechanism

arXiv:2404.01803v1 Announce Type: new
Abstract: Credential theft and remote attacks are the most serious threats to authentication mechanisms. The crux of the problems is that we cannot control such behaviors. However, if a password does not contain user's secrets, stealing it is useless. If unauthorized inputs are disabled, the remote attacks can be invalidated. Thereby, credential secrets and input fields to our accounts can be controlled. Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free …

arxiv attacks authentication authentication security control credential credential theft cs.cr cs.et cs.sy disabled eess.sy inputs login mechanism password problems secrets security serious solutions stealing theft threats unauthorized useless