
Generating and Managing Secure Passwords for Online Accounts


Abstract

User accounts at Internet services contain a multitude of personal data such as messages, documents, pictures, and payment information. Passwords are used to protect these data from unauthorized access. User authentication based on passwords has many advantages for both users and service providers. Users can use passwords across many platforms, devices, and applications and do not need to carry an additional device. Service providers can implement password-based user authentication with little effort and operate it with low cost per user.

However, passwords have a key problem: the conflict between security and ease of use. For security reasons, passwords must be attack-resistant, individual for each account, and changed on a regular basis. But these security requirements make passwords very difficult to use. They require users to create and manage a large portfolio of passwords. This poses three problems: First, the generation of attack-resistant passwords is very difficult. Second, the memorization of many passwords is practically impossible. Third, the regular change of passwords is very time-consuming. These problems are aggravated by the different password requirements, interfaces, and procedures of services. The preservation of passwords for users, such as storing passwords on user devices, mitigates the memorization problem, but it raises new problems: the confidentiality, availability, recoverability, and accessibility of the preserved passwords. Despite decades of research, the problems of passwords are not solved yet. Consequently, secure passwords are not usable in practice. As a result, users select weak passwords, use them across accounts, and barely change them.

In this thesis, we introduce the Password Assistance System (PAS). It makes secure passwords usable for users. This is achieved by automation and comprehensive support. PAS covers all aspects of passwords. It generates, preserves, and changes passwords for users as well as ensures the confidentiality, availability, recoverability, and accessibility of the preserved passwords. This reduces the efforts and activities of users to deal with passwords to a minimum and thus enables users to practically realize secure passwords for their online accounts for the first time.

PAS is the first solution that is capable of handling the different password implementations of services. This is achieved by a standardized description of password requirements, interfaces, and procedures. Moreover, PAS is solely realized on the user-side and requires no changes on the service-side. Both features ensure the practicability of PAS and make it ready to be used.

PAS solves the password generation problem by creating attack-resistant, individual, and valid passwords for users automatically. Users just need to provide the URL of a service to generate an optimal password for an account. Our uniform description of password requirements provides the information to generate passwords in accordance with the individual password requirements of services. PAS is able to generate the requirements descriptions automatically by extracting the password requirements of services from their websites. So far, this was done for 185,696 services. Moreover, PAS is equipped with an optimal password-composition rule set for the event that services do not explicitly state their password requirements, which is the usual case. By means of the optimal rule set, PAS also generates attack-resistant passwords with the best possible acceptance rate in case of unknown password requirements.

PAS solves the password memorization problem by preserving passwords for users. This releases users from memorizing their passwords and makes it easier to use individual passwords for accounts. PAS makes users' password portfolios available on all their devices as well as automatically synchronizes changes. PAS achieves this without storing passwords at servers so that an attacker cannot steal them from servers. Moreover, PAS provides a backup solution to recover the preserved passwords in case of loss. Users need to create backups only once and do not have to update them even when their password portfolios change. Consequently, users can keep backups completely offline at secure, different, and physically isolated locations. This minimizes the risk of compromise and loss as well as enables emergency access to the passwords for trusted persons. Moreover, PAS has a built-in revocation mechanism. It allows users to completely invalidate devices and backups in case they lose control over them. This guarantees that no passwords can be stolen from lost user devices and backups once revoked. Users always have full control of their passwords.

PAS solves the password change problem by changing passwords automatically for users. Users neither need to create new passwords nor manually log in to their accounts. Our uniform description of password interfaces and procedures provides the information to change passwords at arbitrary services. Moreover, PAS is the first solution that provides autonomous password changes. It changes passwords on a regular basis with respect to the security level of passwords as well as immediately after PAS detects a compromise of users' passwords.

The practicability of PAS is demonstrated by an implementation. The individual components of PAS can be used independently, integrated into other applications, and combined into a single user application, called a password assistant.

In summary, this thesis presents a solution that makes secure passwords usable. This is done by automation and comprehensive support in the generation and management of passwords.

Bibliographic details

  • Author

    Horsch Moritz;

  • Author affiliation
  • Year 2018
  • Total pages
  • Original format PDF
  • Text language en
  • Chinese Library Classification
