Mercury: Recovering Forgotten Passwords Using Personal Devices
Instead of allowing the recovery of original passwords, forgotten passwords are often reset using online mechanisms such as Password Verification Questions (PVQ methods) and password reset links in email. These mechanisms are generally weak, exploitable, and force users to choose new passwords. Emailing the original password exposes the password to third parties. To address these issues, and to allow forgotten passwords to be securely restored, the authors present a scheme called Mercury. Its primary mode employs user-level public keys and a Personal Mobile Device (PMD) such as a smartphone, netbook, or tablet.