TY - GEN
T1 - Analysis on the security and use of password managers
AU - Luevanos, Carlos
AU - Elizarraras, John
AU - Hirschi, Khai
AU - Yeh, Jyh Haw
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/2
Y1 - 2017/7/2
N2 - Cybersecurity has become one of the largest growing fields in computer science and the technology industry. Faulty security has cost the global economy immense losses. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends. When big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to dictionary and rainbow table attacks. Those are only two examples of attacks that are used to crack passwords. In this paper, we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will compare our research with the limited research already conducted on password managers. Finally, we will provide some general guidelines of how to develop a better and more secure password manager.
AB - Cybersecurity has become one of the largest growing fields in computer science and the technology industry. Faulty security has cost the global economy immense losses. Oftentimes, the pitfall in such financial loss is due to the security of passwords. Companies and regular people alike do not do enough to enforce strict password guidelines like the NIST (National Institute of Standard Technology) recommends. When big security breaches happen, thousands to millions of passwords can be exposed and stored into files, meaning people are susceptible to dictionary and rainbow table attacks. Those are only two examples of attacks that are used to crack passwords. In this paper, we will be going over three open-source password managers, each chosen for their own uniqueness. Our results will conclude on the overall security of each password manager using a list of established attacks and development of new potential attacks on such software. Additionally, we will compare our research with the limited research already conducted on password managers. Finally, we will provide some general guidelines of how to develop a better and more secure password manager.
KW - Password authentication
KW - Password managers
UR - http://www.scopus.com/inward/record.url?scp=85046759469&partnerID=8YFLogxK
U2 - 10.1109/PDCAT.2017.00013
DO - 10.1109/PDCAT.2017.00013
M3 - Conference contribution
AN - SCOPUS:85046759469
T3 - Parallel and Distributed Computing, Applications and Technologies, PDCAT Proceedings
SP - 17
EP - 24
BT - Proceedings - 18th International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2017
A2 - Horng, Shi-Jinn
PB - IEEE Computer Society
T2 - 18th International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2017
Y2 - 18 December 2017 through 20 December 2017
ER -