The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems

Eva Anastasiadi, Elias Athanasopoulos, Evangelos Markatos

2022

Abstract

Over the last decade, we have seen a significant number of data breaches affecting hundreds of millions of users. Leaked password files or databases that contain passwords in plaintext allow attackers to get immediate access to the credentials of all the accounts stored in those files. Nowadays most systems keep passwords in a salted, hashed form, but using brute-force techniques attackers are still able to crack a large percentage of those passwords. In this work, we present a novel approach to protect users' credentials from such leaks. We propose a new architecture for the password file that makes use of multiple servers. The approach is able to defend even against attackers that manage to compromise all servers, as long as they do not do so at the same time. Our prototype implementation and preliminary evaluation in the authentication system of WordPress suggest that this approach is not only easy to incorporate into existing systems, but also has minimal overhead.



Paper Citation


in Harvard Style

Anastasiadi E., Athanasopoulos E. and Markatos E. (2022). The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 560-567. DOI: 10.5220/0011276900003283


in Bibtex Style

@conference{secrypt22,
author={Eva Anastasiadi and Elias Athanasopoulos and Evangelos Markatos},
title={The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2022},
pages={560-567},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011276900003283},
isbn={978-989-758-590-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - The Weakest Link: On Breaking the Association between Usernames and Passwords in Authentication Systems
SN - 978-989-758-590-6
AU - Anastasiadi E.
AU - Athanasopoulos E.
AU - Markatos E.
PY - 2022
SP - 560
EP - 567
DO - 10.5220/0011276900003283