Abstract:
Text password is a very common user authentication technique. Users face a major problem, namely that of managing many site-unique and strong (i.e. non-guessable) passwords. One way of addressing this is by using a password generator, i.e. a client-side scheme which generates (and regenerates) site-specific strong passwords on demand, with minimal user input. This paper gives a detailed specification and analysis of AutoPass, a novel password generator scheme. AutoPass has been designed to address issues identified in previously proposed password generators, and incorporates novel techniques to address these issues. Unlike almost all previously proposed schemes, AutoPass enables the generation of passwords that meet important real-world requirements, including forced password changes, use of pre-specified passwords, and passwords meeting site-specific requirements.