Towards a framework for security analysis of multiple password schemes

In this paper, we provide a security analysis for generic authentication systems in which users have multiple passwords (or personal questions) and the system asks some of them to grant access. We analyze two schemes. In the first one, only one password is asked out of the password set of the user in order to access the system. In the second scheme, two passwords are asked to gain access to the system. We assume existence of an attacker who is capable to eavesdrop on the authentication channel and crack passwords with a certain probability. We derive analytical formulations for impersonation probabilities and compare the security provided by both schemes. The results of our analysis imply that asking more passwords for authentication does not necessarily mean a strengthened security; in fact it may carry a higher risk of impersonation as compared to asking less passwords when the passwords are aged