Scramble the Password Before You Type It

摘要

Password is widely used for digital authentication. There are a few conflicting issues about password: A strong password must be a long string without obvious patterns; The safe and convenient way to store the password is to memorize it; People cannot remember strong passwords easily. To remember their passwords, people usually create weak passwords and reuse the passwords across sites. Password server is not secure as we hope for. Millions of hashed passwords were leaked and cracked in the last few years. It is important that people increase the password strength on the client side. In this work, we propose a mechanism that increases the password strength on the client side. A password and a few simple facts remembered by the user are used as input to create a strong password. The proposed mechanism also allows user to easily create strong password which is site-unique.