Systematic Solutions to Login and Authentication Security: A Dual-Password Login-Authentication Mechanism

EasyChair Preprint 12859

Abstract

Credential theft and remote attacks are the most serious threats to authentication mechanisms. The crux of the problems is that we cannot control such behaviors. However, if a password does not contain user's secrets, stealing it is useless. If unauthorized inputs are disabled, the remote attacks can be invalidated. Thereby, credential secrets and input fields to our accounts can be controlled.

Rather than encrypting passwords, we design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password. Subsequently, the authenticatable functionality of the login password and the typable functionality of the authentication password may be disabled or invalidated so that the credential theft and remote attacks can be prevented. Thus, the usability-security trade-off and password reuse are resolved; local storage of authentication passwords is no longer necessary.

More importantly, the password converter acts as an open hash algorithm, meaning that its intermediate elements can be used to define a truly unique identity of the login process to implement a novel dual-identity authentication. Particularly, the elements are concealed, inaccessible, and independent of any personal information, and therefore can be used to define a perfect unforgeable process identifier to identify and disable the unauthorized inputs.

Keyphrases: authenticatable, authentication password, dual-identity authentication, dual-password login-authentication mechanism, login password, process identity, typable

@booklet{EasyChair:12859,
  author    = {Yun Su and Mo Xi},
  title     = {Systematic Solutions to Login and Authentication Security: A Dual-Password Login-Authentication Mechanism},
  howpublished = {EasyChair Preprint 12859},
  year      = {EasyChair, 2024}}