Authors :
R. V. Deshmukh; Purva Rajesh Petewar; Shailesh M. Rathod; Shreeya Dineshrao Bijwe; Vivek Dilip Pawar; Tushar Suresh Bondre
Volume/Issue :
Volume 9 - 2024, Issue 11 - November
Google Scholar :
https://tinyurl.com/3jcmkuct
Scribd :
https://tinyurl.com/4jhew6kj
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24NOV975
Abstract :
In today’s digital era, a password manager app has become increasingly vital. With the growing number of online accounts, remembering multiple strong, unique passwords is both challenging and insecure. Passwords continue to prevail on the web as the primary method for user authentication despite their well-known security and usability drawbacks. A password is considered to be the first line of defence in protecting online accounts, but problems arise when people handle their own passwords, for example password reuse and difficulty memorizing them. Password managers offer some improvement without requiring server-side changes. In this paper, we evaluate the security of dual-possession authentication, an authentication approach offering encrypted storage of passwords and theft-resistance without the use of a master password. Considering this need, we as a team put forth a proposal for a password manager that satisfies both security and usability: “Key-Master”, the ultimate password manager Android application. Key-Master is designed to streamline the management of your digital credentials while ensuring robust security. It securely stores and organizes your passwords, generates strong and unique passwords for each account, and auto-fills login details across websites and applications. In this paper, we present a type of password manager that combines the usability advantages of the naive password manager with protected storage. In response to the need for strong password management, “Key-Master” emerges as an innovative mobile application that can revolutionize the way users manage their passwords. Key-Master aims to simplify online security management and protect against unauthorized access, ensuring peace of mind for users navigating the digital world.
Keywords :
Authentication, Security, Password Management, Auto-Fill, Usability.