Salty Secret: Let us secretly salt the secret

Abstract

Using password is, perhaps, still the most versatile method of securing secret and confidential information, even though several recent studies have pointed out possibility of breaching it. A general trend of having different passwords for several user accounts of the same user (such as multiple email accounts, multiple social networking accounts, etc.) can barely overcome the possibility as users mostly prefer retaining similarity among own passwords, which results in the possibility of breaching almost all passwords once only one password gets breached. Consequently, several research studies attempted to strengthen passwords. However, none of the studies is yet to get wide popularity for not being able to achieve a delicate balance between strength of password and user friendliness. To achieve this goal, we present a new password based authentication system in this paper. The proposed system is based on intermixing between a fixed text (conventional part of a password) and a free random text (newly added) at different pre-defined indices having different per-defined lengths. The addition of the free random text adds an additional level of difficulty in breaching the password. We present different variants of our proposed system along with their possible attack models. We demonstrate strength of our proposed system through rigorous analytical formulation and numerical simulation. Besides, we confirm achieving a delicate balance between strength of the password and user friendliness through performing real user evaluation.