Mercury: Recovering Forgotten Passwords Using Personal Devices

Instead of allowing the recovery of original passwords, forgot-ten passwords are often reset using online mechanisms such as Password Verification Questions (PVQ methods) and password reset links in email. These mechanisms are generally weak, exploitable, and force users to choose new passwords. Emailing the original password exposes the pass-word to third parties. To address these issues, and to allow forgotten passwords to be securely restored, the authors present a scheme called Mercury. Its primary mode employs user-level public keys and a Personal Mobile Device (PMD) such as a smart-phone, netbook, or tablet.

Provided by: University of Toronto Topic: Security Date Added: Dec 2010 Format: PDF

Find By Topic