Hardening the Virtual Password Authentication Scheme

摘要

Although Internet has become one of most important parts and mostly needed by societies, that does not mean Internet is a safe place to share sensitive data. One of many unsolved Internet attacks is key-logger which is used to steal victim's data such as passwords. Researchers have done a lot of research to overcome these attacks. However, the authentication system still lacks password complexities which can be compromised with short cracking time and limited generated passwords. Therefore, we proposed a virtual password method that has the following rules: i) has minimum and maximum limit of password and ii) the generated passwords are not limited only to letters, but also numbers and symbols. With those rules, by using Kaspersky Lab secure password measurement, the cracking time can be significantly increased to 9 centuries on the conficker botnet with 10 million cores of processors. Moreover, by using Password Meter the proposed method gets score of 171.