Abstract
It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them carries the risk of loss, e.g., in situations where the device on which the passwords are stored is damaged, lost, or stolen. This makes the creation of backups of the passwords indispensable. However, placing such backups at secure locations to protect them from both loss and unauthorized access, while keeping them up-to-date at the same time, is an unsolved problem in practice.
We present PASCO, a backup solution for passwords that solves this challenge. PASCO backups need not be updated, even when the user’s password portfolio is changed. PASCO backups can be revoked without having physical access to them. This prevents password leakage, even when a user loses control over a backup. Additionally, we show how to extend PASCO to enable fully controllable emergency access. It allows a user to give someone else access to his passwords in urgent situations.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Horsch, M., Braun, J., Metz, D., Buchmann, J. (2017). Update-Tolerant and Revocable Password Backup. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_23
DOI: https://doi.org/10.1007/978-3-319-59870-3_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59869-7
Online ISBN: 978-3-319-59870-3
eBook Packages: Computer Science (R0)