Tapas: Design, Implementation, and Usability Evaluation of a Password Manager

Passwords continue to prevail on the web as the primary method for user authentication despite their well-known security and usability drawbacks. Password managers offer some improvement without requiring server-side changes. In this paper, the authors evaluate the security of dual-possession authentication, an authentication approach offering encrypted storage of passwords and theft-resistance without the use of a master password. They further introduce Tapas, a concrete implementation of dual-possession authentication leveraging a desktop computer and a smartphone. Tapas requires no server-side changes to websites and no master password, and it protects all the stored passwords in the event either the primary or secondary device (e.g., computer or phone) is stolen.

Resource Details

Provided by:
Association for Computing Machinery
Topic:
Security
Format:
PDF