Password Generators: Old Ideas and New

  title={Password Generators: Old Ideas and New},
  author={Fatma Al Maqbali and Chris J. Mitchell},
Password generators that generate site-specific passwords on demand are an alternative to password managers. Over the last 15 years a range of such systems have been described. We propose the first general model for such systems, and critically examine options for instantiating it. The model enables an objective assessment of the design of such systems; it has also been used to sketch a possible new scheme, AutoPass, intended to incorporate the best features of the prior art while addressing… 

AutoPass: An automatic password generator

Unlike almost all previously proposed schemes, AutoPass enables the generation of passwords that meet important real-world requirements, including forced password changes, use of pre-specified passwords, and passwords meeting site-specific requirements.

Update-Tolerant and Revocable Password Backup

It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts, so a solution is to generate passwords randomly and store them, but keeping them up-to-date at the same time is an unsolved problem in practice.

Update-tolerant and Revocable Password Backup (Extended Version)

PASCO is presented, a backup solution for passwords that needs not to be updated, even when the user's password portfolio is changed, and can be revoked without having physical access to them.

Generating and Managing Secure Passwords for Online Accounts

The Password Assistance System (PAS), the first solution that is capable of handling the different password implementations of services, makes secure passwords usable for users by automation and comprehensive support and solves the password memorization problem by preserving passwords for users.

Just look at to open it up

This paper proposes to augment a common text password authentication interface to encrypted documents with a biometric facial identity verification providing highly personalized security mechanism based on pseudo-identities, enabling fine-tuning of false acceptance and false rejection rates.



Site-Specific Passwords

This note describes a procedure that produces a different password for each site from a single password provided by the account holder.

Digital Objects as Passwords

This work exploits the fact that many users now own or have access to a large quantity of digitized personal or personally meaningful content in designing an object-based password scheme called ObPwd, which may enable users to create and maintain high quality passwords.

Stronger Password Authentication Using Browser Extensions

We describe a browser extension, PwdHash, that transparently produces a different password for each site, improving web password security and defending against password phishing and other attacks.

PALPAS - PAsswordLess PAssword Synchronization

PAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally, is presented and a mechanism that automatically retrieves and processes the password requirements of services is presented.

Password Requirements Markup Language

A solution that enables generators to automatically create passwords in accordance with services' password requirements and a password generator which uses PRDs and requires nothing but a service' URL in order to generate a strong and valid password for the service.

The Usable Security of Passwords based on Digital Objects : From Design and Analysis to User Study ∗

Object-based Password (ObPwd) is proposed, leveraging the universe of personal or personally meaningful digital content that many users now own or have access to, and has good usability, with excellent memorability, acceptable login times, and very positive user perception.

Passwords: If We're So Smart, Why Are We Still Using Them?

While a lot has changed in Internet security in the last 10 years, a lot has stayed the same --- such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on

User Study, Analysis, and Usable Security of Passwords Based on Digital Objects

Object-based Password (ObPwd), leveraging the universe of personal or personally meaningful digital content that many users now own or have access to, is proposed, which converts user-selected digital objects to high-entropy text passwords.

A large-scale study of web password habits

The study involved half a million users over athree month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.

Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android

This work discusses the interoperation challenges, and implementation details, and interface details of the object-based password “ObPwd” mechanism, as implemented for the Android platform, plus compatible browser-based and stand-alone implementations for desktop environments.