Scheduled System Maintenance:
Some services will be unavailable Sunday, March 29th through Monday, March 30th. We apologize for the inconvenience.
By Topic

A common password method for protection of multiple accounts

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
2 Author(s)
Luo, H. ; AT&T Labs, Middletown, NJ, USA ; Henry, P.

This paper proposes a common password method for users who need to protect multiple accounts using passwords. It requires a user to remember only one password, called a common password, to access any of his/her accounts. Each account is protected by a different password, called a specific password. It is generated by a one-way hash function of an account-specific random number that is stored at the account server or a proxy in an encryption form, where the encryption key is derived from the common password. Compared with a convenient but insecure practice of using one or several passwords to protect multiple accounts, the common password method is convenient and secure. It assures that compromising one specific password does not reveal the common password and any other specific password. A Web-based implementation for the common password method is also presented in this paper. It employs a Web server to store every user's account identifiers and encrypted random numbers, and to supply them to the user in a Web page that contains a password calculator written in JavaScript. The user can compute a specific password using a Web browser on his/her computer for any application that requires password authentication.

Published in:

Personal, Indoor and Mobile Radio Communications, 2003. PIMRC 2003. 14th IEEE Proceedings on  (Volume:3 )

Date of Conference:

7-10 Sept. 2003