Abstract

While numerous flaws have been recognized in using passwords as a method of authentication, passwords still remain the de facto authentication standard in use today. Though password managers can ameliorate password fatigue, the vast majority of password managers require the user to choose and maintain a strong master password while offering little to no recourse in the event that the master password is compromised. The widespread use of cloud-based password managers concentrates passwords in an encrypted database, which becomes an attractive target for attackers and also represents a single point of failure. In this paper, we propose Amnesia, a bilateral generative password manager that requires both knowledge of the master password and possession of the user's smartphone to generate website passwords for the user. Our generative password manager is not vulnerable to password database leakage, since it generates the requested password on demand using both the master password and the secret information on the smartphone. An attacker wishing to steal the user's website passwords has to compromise both the user's smartphone and the master password. Amnesia also has strong recovery capability when either the master password is compromised or the smartphone is lost or stolen. By using an Amnesia server, a user can access the password manager on multiple computers without installing any software on those computers. We implemented an Amnesia system prototype using Android and the CherryPy web framework and evaluated it in terms of security, usability, and overhead. A user study of 31 testers shows that Amnesia increases password security while maintaining reasonable user convenience.
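The bilateral derivation the abstract describes, as an added illustration that is not the paper's own construction: a site password is computed on demand from a stretched master password and a random secret held on the phone, so neither factor alone yields the password and no password database exists to leak. The salt, the KDF parameters, the output alphabet and the per-site counter are assumptions of this example, not details from the paper.

```python
import hashlib
import hmac
import string

# Hypothetical construction (not Amnesia's actual scheme): both secrets must be
# present to reproduce a site password, and nothing is stored per site.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
SALT = b"example-salt-not-from-paper"  # assumed fixed salt; real systems use a per-user salt


def stretch_master(master_password: str, salt: bytes = SALT) -> bytes:
    # Slow KDF so that an attacker holding only the phone secret still pays
    # a full PBKDF2 cost for every master-password guess.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 200_000)


def derive_site_password(master_password: str, phone_secret: bytes, site: str,
                         length: int = 16, counter: int = 0) -> str:
    master_key = stretch_master(master_password)
    # Bilateral mixing: the phone secret keys an HMAC over the stretched master key.
    combined = hmac.new(phone_secret, master_key, hashlib.sha256).digest()
    # Domain separation per site; the counter lets one site's password be rotated
    # without touching the master password or the phone secret.
    info = f"{site}\x00{counter}".encode()
    # Reject bytes >= limit so the mapping onto ALPHABET is unbiased.
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        stream = hmac.new(combined, info + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
        for b in stream:
            if b < limit and len(chars) < length:
                chars.append(ALPHABET[b % len(ALPHABET)])
    return "".join(chars)


if __name__ == "__main__":
    phone_secret = bytes(range(32))  # constructed sample; a real phone would hold random bytes
    pw = derive_site_password("correct horse battery staple", phone_secret, "example.com")
    # Same inputs always regenerate the same password; changing either factor changes it.
    print(pw)
    print(derive_site_password("wrong master", phone_secret, "example.com"))
    print(derive_site_password("correct horse battery staple", bytes(32), "example.com"))
```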
