Panic Passwords: Authenticating Under Duress
As important services and sensitive data congregate online, attackers have an increasing incentive to obtain the passwords that protect these services and data. Panic passwords allow a user to signal duress during authentication. The authors show that the well-known model of giving a user two passwords, a 'Regular' and a 'Panic' password, is susceptible to iteration and forced-randomization attacks, and is secure only within a very narrow threat model. They expand this threat model significantly, making explicit assumptions and tracking four parameters. They also introduce several new panic password systems to address new categories of scenarios.
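The two-password 'Regular'/'Panic' model mentioned above, as an added sketch that is not code from the paper: both passwords produce the same visible response, and only the panic password records a silent alarm on the server side. The class name, the `alarms` list (a stand-in for an out-of-band notification channel) and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored verifiers are not the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class TwoPasswordVerifier:
    """Hypothetical verifier for one account with a regular and a panic password."""

    def __init__(self, regular: str, panic: str):
        if regular == panic:
            raise ValueError("regular and panic passwords must differ")
        self._salt = os.urandom(16)
        self._regular = _derive(regular, self._salt)
        self._panic = _derive(panic, self._salt)
        self.alarms = []  # assumption: stands in for a silent, out-of-band alert

    def login(self, user: str, attempt: str) -> dict:
        digest = _derive(attempt, self._salt)
        # Always run both constant-time comparisons so the work done does not
        # depend on which stored verifier (if any) the attempt matches.
        is_regular = hmac.compare_digest(digest, self._regular)
        is_panic = hmac.compare_digest(digest, self._panic)
        if is_panic:
            self.alarms.append(user)  # duress signal, never shown to the client
        # The response seen at the keyboard is identical for both passwords.
        return {"authenticated": is_regular or is_panic}


if __name__ == "__main__":
    # Constructed sample credentials.
    v = TwoPasswordVerifier("correct horse", "correct pony")
    print(v.login("alice", "correct horse"), v.alarms)
    print(v.login("alice", "correct pony"), v.alarms)
    print(v.login("alice", "wrong guess"), v.alarms)
```
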