Dissuading Stolen Password Reuse

摘要

The whole security community agreed on the fact that login and password based authentication systems are one of the weakest point of the current systems. Despite this global consensus password based credentials are still the most used identification and authentication method used on internet. One of the main reason for this weakness is due to the password leak phenomena. For several reasons (described in this paper) password databases are frequently leaked and shared publicly. Once these passwords it will be very hard for a user to protect his digital life, especially if this password is used in several websites (what we call domino effect). In this paper we propose a solution to reduce the attempts for replaying stolen passwords. We measure the efficiency of this solution via a deployment and the analysis on a fake website exposed to a fake password leak.