Towards a framework for security analysis of multiple password schemes
In this paper, we provide a security analysis for generic
authentication systems in which users have multiple passwords (or
personal questions) and the system asks some of them to grant
access. We analyze two schemes. In the first one, only one
password is asked out of the password set of the user in order to
access the system. In the second scheme, two passwords are asked
to gain access to the system. We assume the existence of an attacker
who is capable of eavesdropping on the authentication channel and
cracking passwords with a certain probability. We derive analytical
formulations for impersonation probabilities and compare the
security provided by both schemes. The results of our analysis
imply that asking more passwords for authentication does not
necessarily mean strengthened security; in fact, it may carry a
higher risk of impersonation compared to asking fewer
passwords when the passwords are aged