The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems
Eva Anastasiadi, Eva Anastasiadi, Elias Athanasopoulos, Evangelos Markatos, Evangelos Markatos
2022
Abstract
Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files / Databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a hashed salted form, but using brute force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users’ credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers - as long as they do not do it at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggests that this approach is not only easy to incorporate into existing systems, but it also has minimal overhead.
DownloadPaper Citation
in Harvard Style
Anastasiadi E., Athanasopoulos E. and Markatos E. (2022). The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 560-567. DOI: 10.5220/0011276900003283
in Bibtex Style
@conference{secrypt22,
author={Eva Anastasiadi and Elias Athanasopoulos and Evangelos Markatos},
title={The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={560-567},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011276900003283},
isbn={978-989-758-590-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems
SN - 978-989-758-590-6
AU - Anastasiadi E.
AU - Athanasopoulos E.
AU - Markatos E.
PY - 2022
SP - 560
EP - 567
DO - 10.5220/0011276900003283