Client-Server Password Recovery

Date Added: Jun 2009
Format: PDF

Human memory is not perfect people constantly memorize new facts and forget old ones. One example is forgetting a password, a common problem raised at IT help desks. The authors present several protocols that allow a user to automatically recover a password from a server using partial knowledge of the password. These protocols can be easily adapted to the personal entropy setting, where a user can recover a password only if he can answer a large enough subset of personal questions. They introduce client-server password recovery methods, in which the recovery data are stored at the server, and the recovery procedures are integrated into the login procedures. These methods apply to two of the most common types of password based authentication systems.