Content uploaded by George Hatzivasilis
Author content
All content in this area was uploaded by George Hatzivasilis on Mar 25, 2021
Content may be subject to copyright.
Password Management: How Secure Is Your Login
Process?
George Hatzivasilis1, 2 [0000-0002-2213-7759]
1 Foundation for Research and Technology, Heraklion, Greece
hatzivas@ics.forth.gr
2 Department of Electrical and Computer Engineering, Hellenic Mediterranean University
(HMU), Heraklion, Greece
hatzivas@hmu.gr
Abstract. Pairs of usernames and passwords are widely used nowadays by mo-
bile and web applications to identify users. The exposure of this data harms
both users and vendors. The client-server model is the most common. The pro-
vided services implement front-end interfaces that run on the client’s side and
back-end interfaces that run on the server side. A proper password management
policy administrates the password creation, storage, processing, and transmis-
sion in both ends. This article overviews the theory and provides a practical
guide for password management and implementation of a safe login process for
mobile and web application developers, and IT organizations. An empirical re-
search and several case studies are surveyed for the password habits of three
universities, an army school, an IT company, and two accounting offices in the
province of Crete in Greece. Moreover, a software benchmark analysis is con-
ducted for the computational demanding primitives of the secure login opera-
tions.
Keywords: Login, password management, password hashing, empirical study,
PHC, BYOD, OAuth
1 Introduction
Usernames and passwords continue to form the main mean of user authentication in
computers (e.g. [1]-[3]). Mobile and web applications process high volumes of them
every day in order to manage and facilitate the provided personalized functionality to
their users.
However, poor password protection practices ([4]-[5]) expose high mounts of user
accounts. Such disclosure operations harm the software vendor’s market value ([6]-
[7]) and the confidence of the legitimate user, like in the cases of LinkedIn [8] and
Sony PlayStation [9].
Every user nowadays holds dozens of electronic accounts with relevant
username/password pairs that are hard to get remembered. Thus, the typical user ap-
plies easily memorable ways to create this information [10]. This fact results in low-
entropy secrets and enables fast on-line guessing attacks or off-line cracking.
2
On-line guessing attacks takes advantage of the login or password alter/reset ser-
vices. The attacker tries to guess the user information, consulting the people’s habits
in forming these secrets. The problem is generally circumscribed by policies that en-
force users to create high entropy passwords and robust password processing opera-
tions.
Moreover, many vulnerabilities are usually located at the service provider side. At-
tackers may infiltrate the system and gain access to the stored data. Analysis discloses
the username/password pairs, exposing the account information (e.g. [11]-[13]).
Password hashing techniques constitute the main mean for concealing the stored user-
related information. However, the evolution of parallel computing enables several
attacks in password hashing cracking [14]. The Password Hashing Competition
(PHC), held in 2013-2015, proposed state-of-the-art solutions with memory-hard
structures or other operations that provide protection [15], [16].
In this article, real case studies are reported from an empirical study in the public,
private, and military sectors, revealing practical and essential problems of establishing
secure password management services. Thus, a guide of password management for
developers is recommended to enhance the provided protection of feature applications
and login operations. A software benchmark analysis is also conducted for the 5 PHC
finalists and the 3 mainstream password hashing solutions. The state-of-the-art solu-
tions in terms of security and performance are then indicated and mapped for mobile,
web, or other applications.
The rest of the paper is structured as follows: Section 2 overviews the details of the
empirical study. Section 3 presents the information theory concerning the entropy of
passwords. Section 4 describes the process for storing password-related information
as well as the password hashing primitives. Section 5 discusses the implication of
mobile applications and the necessity for BYOD policies. Section 6 summarizes the
operation of OAuth 2.0. Section 7 summarizes a benchmark for related technologies
and Section 8 concludes this work. Appendix I mentions the specific question sets
that were used for the empirical study, evaluating the password-related habits of sim-
ple users and administrators.
2 Empirical study
The anonymous empirical study includes 200 university students and staff, 50 mili-
tary personnel, and 40 IT and accounting employees. The respondents were asked
relevant questions during an oral interview. All participants answer questions regard-
ing their password habits as users. Moreover, 20 of them who are working on the
relevant IT help desks as administrators are also asked about the password manage-
ment policies that are applied by the organizations. The question sets and the answers
are detailed in the Appendix I and Table 2 and Table 3 for users and administrators,
respectively.
The empirical study reveals that an average user nowadays possesses around 50-70
accounts. As most people do not realize this high volume of information that they
3
owned, they utilize simple and convenient ways to administrate it. The high majority
of 98% ignores the password management software solutions and does not use any.
Moreover, users do not update their passwords in a regular basis. If a default pass-
word is assigned by the service provider when a new account is established (e.g. uni-
versity e-mails), the user does not change it unless it is forced to (e.g. change the
password during the first login). In general, a user may alter the password by his own
will when security incidents on popular services become known.
To create a password, the user complies with the least requirements that are en-
forced by the service. On average, the user utilizes three username/password pairs,
with low deviation among them. One of them is the favourite one and is tried to get
assigned in all cases. When the relevant username is already registered in the service
by another user, one of the other pairs is inputted. The infiltration of social media in
our ordinary lives led to the creation of fake or clone cyber-identities. The 73% of the
users creates around 2-3 redundant identities with relevant username/password pairs.
More specialized results, real case studies or failed policies, and other useful con-
clusions are reported in the following sections, discussing specific issues of password
management and login processes.
3 Entropy
Passwords are user-memorable secrets that consist of several printable characters
[10]. A pair of the user’s identity with a relevant secret password, authenticates each
active account during the login process.
An exhaustive search attack tries out all character combinations until the right
password for a username is found. Then, the attacker owns the account as the legiti-
mate user does. The ordinary option for safe user-login services is passwords of 8
characters long (8 bytes with ASCII encoding). Even a password with 6 random digits
would be sufficient for many attacks, as it would take 2(6*8) = 248 tries, resulting in
about 8890 years with 1000 guesses per second. However, the user-originated secrets
might exhibit low entropy. This fact facilitates attacks with lower computational
complexity than the exhaustive search.
The ordinary policy of creating safe passwords with adequate entropy imposes
that the secret must contain at least three of the following character sets: lower- and
upper-case letters (i.e. a-z, A-Z), numbers (i.e. 0-9), and symbols (e.g. $, @, !). Alt-
hough this policy seems sufficient for many applications, weak passwords can still be
produced [17].
The empirical study reveals such weaknesses. The case of the on-line tax and cus-
tom services system of Greece, called Taxisnet, is such an example. The system was
implemented with high security and privacy standards, and was supported by the Eu-
ropean commission’s eGoverment initiatives. A serious problem regarding password
entropy occurred during the establishment of the users’ records. Most citizens bestow
their tax ministration on accounting offices. The accountants deal with the bureaucra-
cy and create the Taxisnet accounts for their customers. However, instead of follow-
ing a password safe policy, they perform an archiving strategy to accelerate the pro-
4
cess and easy their later accounting operation of accessing the system in regard of
their clients.
For this study, the password establishment of two accounting offices in Greece are
evaluated. For the username, the first office uses the prefix user, the customers last
name, and the initial letter of the first name (with English characters), while the sec-
ond office concatenates the last name with the 3-5 first letters of the first name. For
the password, the first office applies the client’s initials with the tax identification
number (ten digits long) appended with 0 and the second office inputs the tax ID, the
2 first letters of the last name, and the initial letter of the first name. Although the
passwords are 13 characters long and comply with the safe password policy, the
passwords exhibit quite low entropy and can be even reproduced in a deterministic
manner along with the relevant username. However, the aforementioned policies of
the two evaluated accounting offices are not exceptional but indicative for many ac-
counting offices, as such simple and easily-understood examples where utilized dur-
ing the demonstration and training sessions by several regional economic champers.
In 2012, the Greek police arrested a hacker for possessing and selling around 9 mil-
lion Taxisnet accounts (Greece’s population is 11 million) in the black market [18].
The accounts could have been disclosed by on-line guessing attacks that exploit such
low-entropy passwords.
According to best practices and security experts’ suggestions, the avoid-list
for building secure passwords includes:
The default passwords that are automatically produced by the service provide dur-
ing the account creation, like admin, user, guest, default, and password
The dictionary words, such as dragon, sandbags!, and AppleTree, including words
of non-English languages
Words with appended numbers: password1, secteam2017, George85, etc., as they
are easily tested automatically with little effort
Words with simple obfuscation: p@ssw0rd, r@bb1t, @dm1n etc., are also tested
automatically with little additional effort
Repeated words or characters: useruser, passpass, aaaabbbb etc
Common sequences from a keyboard or mobile device’s virtual-keyboard row:
qwerty, asdfgh, abcdef, 12345, etc
Numeric sequences based on well-known numbers such as 314159 and 27182 (for
pi and e respectively) or dates like 9/11/2011
Identifiers like computer123, 01/08/2017, or the account’s username
Any personal information that is related with the account owner: relatives or pets
(e.g. names, nicknames, initials, birthdays), student or other IDs, birthday or anni-
versary dates, Birthplace or favourite holiday, sports team, addresses, telephone
numbers, vehicle or license plate numbers, and social security number which can
be easily deduced automatically after a simple investigation of person’s public in-
formation.
Most of these examples utilize simple patterns which exhibit low entropy, ena-
bling efficient automatic attacks.
The main security property of a safe password is high entropy, similarly to a com-
plete random one, along with the exclusion of patterns that are related with the user.
5
When high security is the target, the application must additionally measure the entro-
py of the account credentials and reject weak passwords. As suggested by many secu-
rity experts, the guidelines for strong passwords include:
At least 12-14 characters long secrets
At least on digit of the four character sets: lower and upper case letters, numbers,
and symbols
Prevent biographical information, user-related information, dictionary words, digit
repetition, keyboard patterns, letter or number sequences
Prevent combinations of the above-mentioned restrictions
Prevent element patterns that might become associated with the user via infor-
mation that is either publicly known or known to other acquaintances
and if possible, generate random passwords and avoid using a password more than
once
Newer trends of user-drawn graphical passwords [19]-[21] also exhibit low-
entropy properties, offering an average security of 4-5 bytes [22]. Map-based pass-
words could produce better results [23]-[24].
4 Storage and Password Hashing
4.1 Stored Information
In many occasions the account-related information is stored in plaintext without any
protection at the service provider side. Thus, an attacker that gains access to the back-
end infrastructure obtains the credentials of all users without further effort.
Key stretching is the typical method for protecting against cracking attacks. Cryp-
tographic hash functions constitute a cryptographic primitive type that parses input of
arbitrary size and produces a fixed-length digest. In the password hashing domain,
hash functions process the password and produce a fixed-length output, which now
acts as the password. The result is longer than the original password (e.g. 32 or 64
bytes), making the attacks less feasible. The hashed password is further fortified by
iterating the hash function several times. Thus, the attacker is slowed down by a fac-
tor of 2n+m, where n is the number of the iterations and m is the number of the output
bits. However, the user is also slowed down. The parameters of key stretching are
bounded by the user’s tolerance to compute a robust hash password.
If two or more users have the same password, they will result the same hashed
password too. The disclosure of this information for one of these users could raise
security issues for the rest ones. The problem is exponentially evolved as many users
utilize the same password in many different services. To prevent the correlation of
hashed passwords that are created by the same password, a small parameter of ran-
dom bytes, called salt, is utilized. Thus, the same password produces different hashes
for different users or services. The salt hardens attacks with precomputed data. The
attacker tries hundreds of possible matches (dictionary attacks) or uses tables with
precomputed hashes (rainbow table attacks) in order to guess or correlate the legiti-
mate password information [11]-[12]. The typical sizes for salt are 8-16 bytes. It is
6
generated when the user account is created and is concatenated with the password
during hashing. Normally, it is stored in plaintext along with the hashed password.
The authentication procedure uses the salt to validate the password of a login request.
Except from the salt, an additional random parameter, called pepper, can be used.
The pepper takes a value from a constrained and small set, like a number from 0 to 5,
but in contrast to the salt, it is not stored anywhere. Ordinary, the pepper is one-byte
long. When a password-hashing operation is performed, a randomly selected value
from the set is appended to the hashed data. During the login phase, the process vali-
dates the user in different verification attempts, where the input data are examined
along with all pepper values, checked one-by-one while trying to figure out the cor-
rect setting. If all attempts fail, the login information is incorrect. The computational
complexity of the account verification is increased in the server side according to the
number of the different pepper values. The user login operation is delayed, but simi-
larly, the attacker’s cracking capabilities are further slowed down.
The simple use of cryptographic functions, where the passwords are hashed before
being stored, is considered outdated. The hash functions are susceptible to cryptanaly-
sis attacks, which in the password management field, results in aforementioned at-
tacks that utilize precomputed data.
Thus, more advanced password hashing schemes (PHS) are proposed, like the
PBKDF2, Bcrypt, and Scrypt, that derive the ordinary attacks computational infeasi-
ble. A study in mobile application security [25] (i.e. on iOS and BlackBerry) reveals
that most popular applications provide low password protection. The high majority of
them simply hash the user data with SHA2 or MD5 while only a small number of
them utilizes PBKDF2. Similar practices can be observed for web applications. An
analysis in 150 sites [26] shows that 29% of them store the password in plaintext and
do not hash the passwords at all.
This empirical study exhibits similar results. The university emails now provide
adequate security as they constitute popular target for attackers. The private compa-
nies focus on the main functionality of a service, with the limited budget on security
resulting in low protection. The military services provide high protection, following
NATO [27] design guidelines.
However, the modern parallel computing architectures and the dedicated hardware
platforms, enhance the cracking capabilities and enable more efficient attacks [11]-
[12]. Password crackers try out several attempts in parallel on GPUs, FPGAs, and
ASICs, gaining a significant boost in disclosing the user information. PBKDF2 and
Bcrypt are vulnerable to such attacks due to their low memory requirements.
The newer trend are memory-hard PHSs. The parallel platforms have limited
memory resources and on dedicated hardware the memory is considered expensive.
Thus, for a PHS with high memory requirements, the cracker makes significantly less
parallel attempts as every parallel element must have access to the platform’s
memory.
The defender adjusts the memory and computational requirements of the PHS to
design secure and usable schemes. The goal is to render the password scrambling on
parallel cores not much faster than it is on a single core. Scrypt implements this ap-
proach. It is estimated that the cost of a hardware brute force attack is around 20000
7
and 4000 times larger than in PBKDF2 and Bcrypt respectively [28]. However,
Scrypt and other memory-hard PHSs may be vulnerable to cache memory attacks. A
spy process that runs on the same machine can gather memory-access patterns by
measuring cache-timings [11]. The analysis empowers attacks with low memory for
each parallel core. The huge memory block that is allocated during the password hash
computation, is later ends up as a garbage. In garbage-collector attacks [12] the at-
tacker correlates an obtained secret hash with the memory content that is collected
after the PHS termination.
The Password Hashing Competition (PHC) conducted in 2013 to counter these is-
sues and deploy modern and secure schemes for password hashing [15]. In 2015, the
winner and other 4 finalists with special recognition were promoted, based on securi-
ty, efficiency, and the extra deployed features. They will be further examined by
NIST and other organizations in order to become the new standards in the field. Fig. 1
illustrates the winning PHC scheme Argon2. The other finalists are the Catena, Lyra2,
MAKWA, and Yescrypt. Moreover, poly password hashing schemes with k-threshold
encryption are proposed for constrained embedded systems to balance performance
and security [29].
Fig. 1. The single-pass Argon2 PHS
4.2 Login process
Web and mobile applications serve thousands of users. The server maintains the au-
thentication data for all users and must respond to high volumes of simultaneous login
requests from clients. In every transaction, the password must not be transmitted in
plaintext (e.g. transmission of the password from the user’s browser to the applica-
tion’s server or confirmation e-mail with the new password from the server to the
user), otherwise the security may be lost. The Transport Layer Security (TLS) proto-
col is the most common solution for cryptographic communication. The server is
authenticated and the password is encrypted. The RFC standard Secure Remote Pass-
8
word (SRP) protocol functions upon TLS and further prevents dictionary attacks by
eavesdroppers [26].
However, on-line guessing attacks are applicable here [13]. The guesses that an
attacker makes can be bounded, by limiting the total number of failed login attempts.
For example, a password is disabled and requires a reset after some consecutive failed
logins (i.e. 3-5 tries). The user may also be enforced to change his password after a
large number of failed guesses that are interspersing between the legitimate logins
(e.g. 30 bad guesses). However, in both cases, the login-inspection parameters must
be securely stored and processed in order to avoid their manipulation by an attacker.
Another defense strategy introduces a delay, a CAPTCHA or another human in-
teraction proof [30] between login submissions to slow down automated-guessing
attacks. The exploit time can be increased drastically, rendering on-line attacks ineffi-
cient, and as a consequence, improving the lifetime of the legitimate passwords.
Moreover, the error message of a failed login attempt must not reveal if the problem
was in the username, the password, or both.
The user may need to alter a password, either because it is compromised or as a
precautionary measure. The system must provide a safe way to change it. To prevent
attackers from arbitrarily changing passwords, the reset-password services must veri-
fy the user’s identity, for example, by requesting the current password. Similar restric-
tive strategies as for the bad login guesses can be applied here.
Due to the automatic-login capabilities of the modern web and mobile applica-
tions, it has become very common nowadays for the users to forget their passwords
and not being able to enter the system. The typical method to authenticate such users
is by asking questions and comparing the answers to ones previously stored (i.e.,
when the account was created) [31]. However, some question sets ask for personal
information that may be public (e.g. favourite movie, best teacher) or account usage
data that can be inferred by social networks analysis (e.g. frequent or last contacts).
Thus, it is recommended the users to give false answers and the developers to permit
users making up their own questions.
Password-ageing policies impose that the password must be altered in a periodic
basis (i.e. monthly or annually) to conceal security against adversaries that have ob-
tain a subset of the currently legitimate passwords. The process is mainly implement-
ed for organizations that process classified information, like military and embassy
agencies. The associated office informs the employees to change the passwords when
the active period expires. The safe-reset functionality can be utilized for this purpose
by the service provider [32].
The different examined organizations of this empirical study exhibit diverse
password-ageing policies. For the academic society, the computing center office in-
forms all partners via e-mail about changing their account secrets in an annual basis.
The alternation is optional. In the private sector, no specific policy is enforced and the
passwords are modified in an arbitrary manner. In the military school, the passwords
are altered every three months. A massage is prompted automatically five days before
the expiration date.
The aging policies result in different entropy and password-correlation properties.
Around 80% of the university interviewees ignore the optional recommendation.
9
Nonetheless, the universities inform users to create safe passwords immediately when
their account is created. Thus, the high entropy passwords remain safe for long-term
use even if they are not changed regularly. In the private sector, the clerks create
memorable secrets with low or moderate entropy. The passwords are changed mostly
when security incidents on large IT companies are announced and become popular.
The military policy on the other hand produces in practice highly correlated pass-
words. A user would require at least four passwords per year for each service (the
permanent personnel possess at least two accounts for a PC in the intranet and the
military email). Although the individual passwords comply with the typical secure
password strategies, the common choice is a memorable prefix appended with some
additional characters [33]. The problem is dominant in the case of conscript privates.
Around 90% of the examined passwords include a variation of the school name and
the year, resulting in high correlated secrets.
However, in all cases, the most correlated passwords are produced by the system
administrators. These employees must maintain administrative passwords for almost
every computer or service. In general, the secrets exhibit high entropy but the admin-
istrative teams establish the same password for all accounts. The burden to comply
with the aging policy results in correlated passwords with low variation and password
re-use. Moreover, the passwords are hard to change when employees leave the organ-
ization, exposing the confidential information.
In order to avoid these issues, an organization should acquire security awareness
programs [34]-[36]. Thus, the personnel learn about the implications of low security
practices and the potential threats for the organization, while the administrative staff
fully complies with the organization’s policies in order not to get reported by external
audit.
5 Mobile applications and BYOD policy
The physics of the mobile ecosystem are different from the web [37]-[38]. A mobile
application runs on movable devices, like laptops, smart phones or tablets. Regarding
password management, they also utilize the client-server model. In contrast to web
applications, great attention must be paid in the storage process of private information
in the device end. If the device gets lost, confidential data can be exposed.
Mobile applications’ security is not only a problem of individual users. Bring
Your Own Device (BYOD) is the IT policy for permitting employees to use their own
personal mobile devices in the workplace. Organizations support this action as BYOD
increases personnel productivity and decreases equipment investments. However,
BYOD has resulted in data breaches [39]-[40].
The empirical study of this article reveals the diverse status of different operation-
al sectors. In the academic community, it is the norm to use personal devices and
access the universities’ infrastructure. All professors, personnel, and students use in
daily base their personal movable devices. A few security incidents include phishing
e-mails requesting login data, DoS attacks on the servers, and infected computers in
the public libraries. For the private sector, the provided infrastructure is considered
10
sufficient for each job position. Nevertheless, the employees may use own equipment
for their convenience, mostly for outdoor tasks. No serious security issues are coun-
tered as the computers are solely used for business purposes. In the military sector,
the computer access is restricted. However, the staff uses portable storage devices to
transfer data from standalone computers to the confidential Intranet. In some cases,
personal equipment (e.g. USB sticks, SD cards, and smart phones) may be utilized
against the rules. The small number of security events that are detected, like malware
software, is originated by such infected devices. Around the 82% of the owners of all
these devices do not apply any additional security than what is already installed by the
manufacturer.
Several related studies have examined the security implications of BYOD (e.g.
[41]-[42]). Businesses are unable to stop employees from bringing personal devices
into the workplace, with 41% of employees (among 2100 individuals) having used at
least one personal device at work [42]. The 70% of these devices apply no additional
security than what is installed by the owner. As employees may access privileged
organization information and applications, security concerns arise. For example, a
smartphone that contains confidential data may be lost or stolen, with untrusted par-
ties retrieving any unsecured data. A device may also be sold or given to a family
member without erasing the sensitive information. As employees leave the organiza-
tion and take their personal devices, valuable data and applications can still be re-
tained in them. Such devices can be also used by various family members, who may
accidentally share the content to unauthorized entities (e.g. via email or Dropbox).
The 39% of the organizations have a data breach due to employees’ personal devices
that are either lost or stolen. Thus, many companies, like CISCO and IBM, are adopt-
ing BYOD policies to regulate the usage of such devices and secure their data. The
typical policy must:
Formally register the personal devices that are used
Specify the usage period (e.g. office working hours)
Regulate the device’s camera and video capabilities when on-line
Regulate the recorded capabilities of the device
Block/Permit access to specific sites or applications
Specify the organization resources that can be accessed (email, contacts, docu-
ments, etc.)
Constrain usage when driving (i.e. no use or with hands-free)
Report a set of specific devices/programs that are allowed and can be supported by
the organization’s IT support. No problems regarding connectivity or malfunction-
ing must be send to the manufacturer. Only the organization’s IT support must re-
solve these issues.
The organization’s IT support must install the security software and configure the
relevant parameters.
Prevent unauthorized access by using the password protection features of the de-
vice and a strong password policy to access the organization’s networks
Establish device self-lock policies for idle periods with password or PIN
Remotely wiped the device in cases of lost, policy or security breaches, and em-
ployment termination
11
6 OAuth 2.0
OAuth 2.0 [43] is an IETF open standard for authentication that allows users to log in
to applications with their existing accounts from a trusted third party, like Google,
Facebook, Microsoft, and Yahoo. The web or mobile application utilizes the provid-
er’s OAuth API to implement the login service. When the user accesses the applica-
tion data, he inputs the username and password of his account in the OAuth-
provider’s site. After authenticating the user, the OAuth service sends an authentica-
tion token to the application along with the authorization settings of the specific ac-
count. Fig. 2 illustrates a reference OAuth protocol.
Fig. 2. OAuth sequence diagram. The application requests an authentication token from the
trusted third party. The user logins the account. An authorization code is sent to the application
as the result of the correct authentication. The application requests an authentication token for
the specific authorization code. The token enables the usage of the OAuth API.
12
After signing in, the application detects the authorization access rights of the user
(e.g. viewer, editor, owner or administrator, and App Engine App Admin in case of
mobile applications). The application’s developer easily implements protected pieces
of code that process admin-only functionality.
OAuth is provided for free and can be easily integrated in existing applications. It
is efficient and enhances security and scalability. The registration friction for the user
is low, as he does not have to create a new account for each application.
Moreover, it decreases the infrastructure and operational costs of an application
while facilitating and attracting the OAuth provider’s users (e.g. billions of users from
Amazon, PayPal, Twitter or LinkedIn). Amazon is the largest Internet-based retailer
in USA with more than 200 million customers [44]. The on-line shoe retailer Zap-
pos.com adopts the Amazon OAuth [44]. Around the 30% of the customers use the
Amazon login to accommodate payments and product advertisements. The OAuth
services of the leading social network Facebook were utilized by 470 billion users in
2014, reaching the 660 billion in 2015 [45]. League of Legends, a multi-player team
video game by Riot, cooperates with Facebook [45]. Riot launches the Facebook
Friend Discovery – a login-integrated feature where the game makes a recommenda-
tion list of potential on-line co-players based on the Facebook friends. This paper
focuses in the password management aspects of OAuth, thus the authorization capa-
bilities are out of the scope. Nonetheless, the selection of the proper OAuth provider
should comply with the targeted user groups of the application.
The main vulnerability of OAuth are phishing attacks. The user is prompted to in-
put his identifiers in a bogus site belonging to the attacker that acts as a man-in-the-
middle between the application and the OAuth provider. The adversary discloses the
relevant information and gains access to the account. However, the application’s own
login process can also be exploited by such attacks.
OAuth is also vulnerable to Cross-Site Request Forgery (CSRF) [46]. A currently
authenticated user is forced to perform unwanted actions, like changing the email
address or transferring funds. To counter the attack, the session cookie that is seeded
for the generation of the access token should be hashed. The state must match the
session cookies and be verified prior accepting the access tokens.
The empirical study concludes that the OAuth login usage is limited only for spe-
cific reputable sites and applications (e.g. Booking.com, TripAdvisor). For new and
less known services, users do not trust OAuth login (i.e. 72%), as they consider that
the provider will obtain their account credentials, raising privacy considerations [47]-
[48]. Interviewees prefer to create new accounts, even if they input data that are the
same as the denied OAuth requested information.
7 Benchmark
A comparison study is conducted for the PBKDF2, Bcrypt, Scrypt, and 5 PHC final-
ists. All PHSs are evaluated on an Intel Core i7 at 2.10GHz CPU with 8GB RAM,
running 64-bit Windows 8.1 Pro over a common benchmark suite. The PHSs process
1000 randomly generated passwords and the average results are detailed in Table 1,
13
using the default values for password, salt, and output sizes. The t_cost and m_cost
parameters tune time and space-memory requirements respectively. No specific norm
is proposed for establishing the two parameters and the benchmark reports the rele-
vant settings, as reported by each scheme.
Table 1. Software implementation of PBKDF2, Bcrypt, Scrypt and the 5 PHC finalists. The
cost t_cost and m_cost tune time and space-memory requirements respectively
PHS Password
(bytes)
Salt
(bytes)
Output
(bytes)
t_cost m_cost ROM
(KB)
RAM
(KB)
CPU
(secs)
PBKDF2 24 8 64 1000 0 30 0 0.002024
PBKDF2 24 8 64 2048 0 30 0 0.004150
PBKDF2 24 8 64 4096 0 30 0 0.008141
Bcrypt 12 16 54 12 0 27 492 2.668653
Scrypt 8 32 64 5 0 182 450656 2.837654
Argon2d 32 32 32 3 2 110 44 0.000524
Argon2d 32 32 32 56 100 110 136 0.077891
Argon2d 32 32 32 3 10000 110 10112 0.434536
Argon2i 32 32 32 3 2 111 40 0.000522
Argon2i 32 32 32 56 100 111 136 0.080158
Argon2i 32 32 32 3 10000 111 10112 0.431438
Catena-
Dragonfly
8 16 64 3 18 34 16496 0.093241
Catena-
Dragonfly
8 16 64 3 20 34 65764 0.379892
Catena-
Butterfly
8 16 64 3 18 35 24668 1.450987
Catena-
Butterfly
8 16 64 3 20 35 98448 6.402041
Lyra2 8 16 64 5 100 98 696 0.001463
Lyra2 8 16 64 5 1000 98 6104 0.015104
Lyra2 8 16 64 5 10000 98 60128 0.159651
MAKWA 8 16 64 0 0 95 335 0.000096
MAKWA 8 16 64 1000 0 95 335 0.002035
MAKWA 8 16 64 8192 0 95 335 0.015621
Yescrypt 8 16 64 0 8 44 2124 0.005796
Yescrypt 8 16 64 3 8 44 2124 0.011544
Yescrypt 8 16 64 0 11 44 16460 0.046733
Fig. 3 illustrates the best speed to RAM-consumption settings. The most efficient
implementations are reported based on the execution time that is required for similar
amounts of memory. PBKDF2, Lyra2, Yescrypt, Catena-BRG, Argon2i, and Argon2d
are the most efficient ones, followed by Catena-DRG, Bcrypt, Scrypt, and MAKWA.
14
Fig. 3. PHS – Speed to RAM measurement
As aforementioned, PBKDF2, Bcrypt, and Scrypt are vulnerable to attacks. For
typical RAM-hard schemes, Argon2 is the best choice as the PHC winner and the
state-of-the-art scheme. Lyra2 fits well in general applications and can process high
amounts of memory, as Scrypt. Catena produces low code and RAM consumption,
and is designed with embedded system constraints in mind [49]. All three schemes
function well on the web and mobile domain. MAKWA can safely substitute Bcrypt
as it consumes similar amounts of RAM for two to four magnitudes lower CPU time.
Yescrypt supports a mode of operation that is compatible with Scrypt and can easily
replace the scheme to existing systems, enhancing security.
Moreover, the Argon2 PHS is integrated with the WRAP OAuth API to protect
the session cookie for a login service that confirms Facebook or Twitter accounts. The
computational overhead is low in both cases and the communication delay ranges
from 0.0012ms to 0.8ms for low and high PHS memory cost respectively.
For secure transmission, it requires 6.5KB on average to establish a TLS session.
Then, 40 additional bytes are needed for encrypted data, in contrast to the unprotected
communication channel, with low processing overhead.
As a case study in this article, the state-of-the-art Argon2 PHS is integrated with
the WRAP OAuth API to protect the session cookies. Two demo login services are
implemented in C++. The first one confirms Facebook accounts. The second service
authenticates Twitter users and authorizes show-tweet requests. The computational
overhead is low in both cases and the communication delay ranges from 0.0012ms to
0.8ms for low and high PHS memory cost respectively.
8 Conclusions
The secure management of passwords is hard. Security breaches on famous applica-
tions have revealed massive amounts of user data, harming the reliability of their
providers. The OAuth feature can leverage security and attract targeted users, if it is
used properly. Small companies that are not able to invest a significant amount of
their budgets for security, could utilize OAuth services. Thus, the login process and
15
the stored password data are safeguarded by a larger IT organization that has ad-
vanced computer security knowledge and infrastructures, and keeps up to dated its
security policies and products. The developer must adopt the state-of-the-art solutions
for storing, processing, and transmitting user-related credentials. Despite of these
technical solutions, the user behavior remains dominant. A proper IT policy should
face the low-entropy or easily-guessed secrets, and the rising challenges of BYOD
reality. Security awareness programs could inform personnel about the security risks
and the potential damage, enhancing protection. The overall analysis could be extend-
ed in other settings where passwords are applied, like Wi-Fi passwords (inserted by
the user or default password generation) and cryptographic session keys.
9 Acknowledgements
This work has received funding from the European Union Horizon’s 2020 research
and innovation programme under the grant agreements No. 786890 (THREAT-
ARREST) and No. 830927 (CONCORDIA).
References
[1] Herley, C. and Oorschot P. V.: A research agenda acknowledging the persis-
tence of passwords, IEEE Security & Privacy, vol. 10, issue 1, pp. 28-36 (2012)
[2] Snow, C. R. and Whitfield, H.: Simple authentication, Software: Practice and
Experience, Wiley, vol. 24, issue 5, 2015, pp. 437-447 (2015)
[3] Miltchev, S., Smith, J.M., Prevelakis, V., Prevelakis, A., Ioannidis, S.: Decen-
tralized access control in distributed file systems, ACM Computing Surveys
(CSUR), ACM, vol. 40, issue 3, 2008, Article no. 10 (2008)
[4] Farcasin, M. and Chan-tin, E.: Why we hate IT: two surveys on pre-generated
and expiring passwords in an academic setting, Security and communication
Networks, Wiley, 2015, 10 February (2015)
[5] Furnell, S.: An assessment of website password practices, Computers & Securi-
ty, Elsevier, vol. 26, issue 7-8, 2007, pp. 445-451 (2007)
[6] Telang, R., Wattal, S.: An Empirical Analysis of the Impact of Software Vulner-
ability Announcements on Firm Stock Price, IEEE Transactions on Software
Engineering (TSE), IEEE, vol. 33, issue 8, 2007, pp. 544-557 (2007)
[7] Cavusoglu, H., Cavusoglu, H., Raghunathan, S.: Efficiency of Vulnerability
Disclosure Mechanisms to Disseminate Vulnerability Knowledge, IEEE Trans-
actions on Software Engineering (TSE), IEEE, vol. 33, issue 3, 2007, pp. 171-
185 (2007)
[8] Finkle, J., Saba J.: LinkedIn suffers data breach - security experts, Reuters, June
(2012)
[9] Richmond, S., Williams, C.: Millions of internet users hit by massive Sony
PlayStation data theft, The Telegraph, London, April 26 (2011)
[10] Yan, J., et al.: Password memorability and security: Empirical results, IEEE
Security & Privacy, vol. 2, issue 5, pp. 25-31 (2004).
16
[11] Forler, C., Lucks, S., Wenzel, J.: Memory-Demanding Password Scrambling,
ASIACRYPT, Springer, LNCS, vol. 8874, 2014, pp. 289-305 (2014)
[12] Forler, C., Lucks, S., Wenzel, J.: The Catena Password Scrambler, PHC submis-
sion, May 15 (2014)
[13] Van Oorschot, P. C., Stubblebine, S.: On countering online dictionary attacks
with login histories and humans-in-the-loop, ACM Transactions on Information
and System Security (TISSEC), vol. 9, issue 3, August 2006, pp. 235-258 (2006)
[14] Kim, J. W., et al.: High-speed parallel implementations of the rainbow method
based on perfect tables in a heterogeneous system, Software: Practice and Expe-
rience, Wiley, vol. 45, issue 6, 2015, pp. 837-855 (2015)
[15] Hatzivasilis, G.: Password-Hashing Status, Cryptography, MDPI Open Access
Journal, vol. 1, issue 2, 2017, number 10 (2017)
[16] Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: Password Hashing Competi-
tion – Survey and benchmark, Cryptology ePrint Archive, IACR, 2015/265, pp.
1-30 (2015)
[17] Yu, X., Liao, Q.: User password repetitive patterns analysis and visualization,
Information & Computer Security, vol. 24, issue: 1, 2016, pp.93-115 (2016)
[18] REUTERS: Man arrested in Athens over ID theft of most Greek population,
2012, November 20 (2012).
[19] Catuogno, L., Galdi, C.: Analysis of a two-factor graphical password scheme,
International Journal of Information Security, Springer, vol. 13, issue 5, October
2014, pp. 421-437 (2014)
[20] Liu, X.-Y., Gao, H.-C., Wang, L.-M., Chang, X.-L.: An Enhanced Drawing
Reproduction Graphical Password Strategy, Journal of Computer Science and
Technology, Springer, vol. 26, issue 6, November 2011, pp. 988-999 (2011)
[21] Carter, N., et al.: Graphical passwords for older computer users, International
Journal of Security and Networks, Inderscience, vol. 13, no. 4, pp. 211-227.
(2018)
[22] Van Oorschot, P. C., Thorpe, J.: On predictive models and user-drawn graphical
passwords, ACM TISSEC, vol. 10, issue 4, January 2008, Article No. 5 (2008)
[23] Shin, J., et al.: SmartPass: a smarter geolocation-based authentication scheme,
Security and Communication Networks, Wiley, vol. 8, issue 18, December, pp.
3927-3938. (2015)
[24] Al-Salloum, Z. S.: GeoGraphical passwords, International Journal of Security
and Networks, Inderscience, vol. 9, no. 1, pp. 56-62. (2014)
[25] Belenko, A., Sklyarov, D.: "Secure Password Managers" and "Military-Grade
Encryption" on Smartphones: Oh, Really? Hack to Ergo Sum (HES), 3rd Edition,
February, 2012 (2012)
[26] Bonneau, J., Preibusch, S.: The password thicket: technical and market failures
in human authentication on the web, 9th WEIS (2010)
[27] National Atlantic Treaty Organization: NATO Cyber Defence, 2017.
http://www.nato.int/cps/en/natohq/topics_78170.htm (2017)
[28] Percival, C.: Stronger Key Derivation via Sequential Memory-Hard Functions.
BSDCan'09, May 2009 (2009)
[29] G. Hatzivasilis, et al.: Lightweight password hashing scheme for embedded
systems, 9th WG 11.2 International Conference on Information Security Theory
and Practice (WISTP), IFIP, Greece, Springer, LNCS, 9311, pp. 249-259 (2015)
17
[30] Nayeem, M.T., et al.: Design of a Human Interaction Proof (HIP) using human
cognition in contextual natural conversation, IEEE ICCI*CC, London, UK, pp.
146-154 (2014).
[31] Just, M.: Designing and evaluating challenge-question systems, IEEE Security &
Privacy, vol. 2, issue 5, pp. 32-39 (2004).
[32] Farcasin, M., Guli, A., Chan-Tin, E.: Fluid passwords – mitigating the effects of
password leaks at the user level, Cornell University Library, arXiv:1708.09333,
August, pp. 1-11. (2017)
[33] Zhang, J., Luo, X., Akkaladevi, S., Ziegelmayer, J.: Improving multiple-
password recall: an empirical study, European Journal of Information Systems,
Palgrave Macmillan, vol. 18, issue 2, pp. 165-176. (2009)
[34] Tsohou, A., Karyda, M., Kokolakis, S.: Analyzing the role of cognitive and
cultural biases in the internalization of information security policies, Computers
& Security, Elsevier, vol. 52, 2015, pp. 128-141 (2015)
[35] Tsohou, A., et al.: Investigating information security awareness: research and
practice gaps, Information Security Journal: A Global Perspective, Taylor &
Francis, vol. 17, issue 5-6, 2008, pp. 207-227 (2008)
[36] Manifavas, C., et al.: DSAPE–Dynamic Security Awareness Program Evalua-
tion, HCI International, Greece, Springer, LNCS, vol. 8533, pp. 258-269 (2014).
[37] Chang, B., Li, Y., Wang, Q., Zhu, W.-T., Deng, R. H.: Making a good thing
better: enhancing password/PIN-based user authentication with smartwatch, Cy-
bersecurity, Springer, vol. 1, issue 7, pp. 1-13 (2018).
[38] Hatzivasilis, G., et al.: MobileTrust: Secure Knowledge Integration in VANETs,
ACM Transactions on Cyber-Physical Systems – Special Issue on User-Centric
Security and Safety for Cyber-Physical Systems, ACM, vol. 4, issue 3, Article
no. 33, pp. 1-25, March (2020).
[39] Miller, K. W., Voas, J., Hurlburt, G. F.: BYOD: Security and Privacy Considera-
tions, IEEE IT Professional, vol. 14, issue 5, pp. 53-55 (2012)
[40] Hatzivasilis, G., et al.: Review of Security and Privacy for the Internet of Medi-
cal Things (IoMT), 1st International Workshop on Smart Circular Economy
(SmaCE), Santorini Island, Greece, 30 May, IEEE, pp. 457-464 (2019)
[41] Harris, M. A., Patten, K. P.: Mobile device security considerations for small-
and medium-sized enterprise business mobility, Information Management &
Computer Security, Emerald, vol. 22, issue: 1, 2014, pp. 97-114 (2014)
[42] Chang, J. M., Ho, P.-C., Chang, T.-C.: Securing BYOD, IEEE IT Professional,
vol. 16, issue 5, pp. 9-11 (2014)
[43] Kaur, E. G. and Aggarwal, E. D.: A survey of social sign-on protocol OAuth 2.0,
Journal of Engineering, Computers & Applied Sciences (JEC&AS), Blue Ocean
Research Journals, vol. 2, no. 6, 2013, pp. 93-96. (2013)
[44] Amazon Developer Center: Securely connect with millions of Amazon custom-
ers and personalize their experience, Amazon (2017)
[45] Facebook for developers: Success story: Riot Games' League of Legends, Face-
book (2017)
[46] Li, W. and Mitchell, C. J.: Security issues in OAuth 2.0 SSO implementations,
International Conference on Information Security (ISC), Springer, LNCS, vol.
8783, 2014, pp. 529-541. (2014)
18
[47] James, T., Nottingham, Q. J., Ziegelmayer, J.: Determining an individual’s con-
cept of privacy, 39th Annual Meeting of the Decision Sciences Institute, DSI, pp.
5011-5016. (2008)
[48] James, T., et al.: The interpersonal privacy identity (IPI): development of a pri-
vacy as control model, Information Technology and Management, Springer, vol.
17, issue 4, pp. 341-360. (2016)
[49] Manifavas, C., et al.: Lightweight cryptography for embedded systems – a com-
parative analysis, ESORICS, Springer, LNCS, vol. 8247, pp. 333-349. (2013)
Appendix I – Question sets for Users and Administrators
This appendix details the two question sets that were used for simple users (Table 2)
and service administrators (Table 3), respectively.
Table 2. Password management question set and answers for users
Questions Answers
Q1
Question How many electronic accounts do you possess?
Answer set Specify a number
Result The users possess 50-70 accounts on average.
Q2.1
Question Do you use any password management tool?
Answer set Yes or No
Result 98% of the users answer that the do not use any tool.
Q2.2
Question If yes, which one?
Answer set Specify the tool or tools
Result The most common answers include KeePass2, Password Safe, LastPass, and browser’s
build-in tools.
Q3.1
Question How many times do you update your passwords in the last year?
Answer set None, 1-4 times, 5-8 times, or more than 9 times
Result 58% answers none, 39% answers 1-4 times, 2% answers 5-8 times, 1% answers more
than 9 times.
Q3.2.1
Question If yes, why you update the passwords?
Answer set Own habit, working organization policy, site/service recommendation, or other
Result From the initial 42% that change the password: 3% answers own habit, 17% answers
working organization policy, 13% answers site/service recommendation, 9% answers
other.
Q3.2.2
Question If other, give more details?
Answer set Specify the reason why you change the passwords
Result Other reasons for changing the password include the announcement of large hacking
operations, hacking of an own account of device, or because the user had forgotten the
current password.
Q4
Question Which policy do you use for creating a password?
Answer set The service’s recommendations or the security experts’ recommendations for creating
strong passwords
Result The 64% answers that they apply the service’s recommendations and the 36% answers
that they apply the security strategies that are recommended the security experts.
19
Q5.1
Question Do you reuse username/password pairs in different services?
Answer set Yes or No
Result The 90% answers that they reuse username/password and 10% answers that they use
different password for different services.
Q5.2
Question If yes, give more details?
Answer set Specify your policy
Result The average user possesses 1-3 favourite pairs that he/she tries to use in all cases.
Q6.1
Question Do you create fake or clone identities in services where you already possess an active
account?
Answer set Yes or No
Result The 73% answers yes.
Q6.2.1
Question If yes, how many?
Answer set Specify a number
Result The average user possesses 2-3 redundant accounts in social media.
Q6.2.2
Question Which policy do you apply for creating the password of a redundant account?
Answer set Specify the policy for selecting the used username/password pair
Result The average user possesses 1-3 favourite pairs (different from the relevant pairs that are
used in the original accounts) that he/she uses for the redundant accounts.
Q7.1
Question Do you use OAUTH?
Answer set Yes or No
Result The 90% answers yes.
Q7.2.1
Question If yes, which OAUTH providers do you prefer?
Answer set Specify a number
Result The highest majority prefers Facebook and Google.
Q7.2.2
Question If no, why?
Answer set Specify the reasons why you avoid using OAUTH
Result The average user that does not utilize OAUTH, does not trust that his/her OAUTH
credentials will be safe.
Q8.1
Question Does your organization support BYOD?
Answer set No, informal and voluntary policy, formal policy, strict monitoring of formal policy
compliance
Result The answers vary based on the organization: the small private companies apply no or
informal policies, the universities have formal policies for fair use, and the army school
enforces the last option.
Q8.2
Question Do you apply any additional security mechanisms except from those that are imposed
by the BYOD?
Answer set Yes or no
Result The 82% of applies no additional protection mechanisms and 18% installs additional
free anti-virus and anti-malware applications.
Table 3. Password management question set and answers for administrators
Questions Answers
Q1.1
Question What password-creation policy does your organization recommends to the users?
Answer set Specify a the policy
20
Result The private companies do not apply a specific policy and the employees create memo-
rable passwords. The military school impose the creation of typically safe or strong
passwords that contain at least 3 or 4 items (depending on the service) from the basic
character sets. The universities impose the creation of strong and random passwords as
students must take an initial course when enrolling the faculty where they are taught
how to create their institutional accounts.
Q1.2
Question How do you create the administration accounts?
Answer set Specify the applied policy
Result In cases, the administrators create at least typically safe passwords. However, as they
have to maintain several administrative accounts for different services, there may be
correlation among the admin accounts or the services’/departments’ name (e.g. a lab’s
or a division’s name may be included in the password).
Q2
Question Which password-hashing technique is implemented by the provided services?
Answer set None, simple hashing with a generic hash function, or hashing with a PHS
Result The private companies apply no or simple hashing, the universities hash the passwords
with a generic hash function or a PHS, and the military school utilizes PHSs.
Q3.1
Question Which password-update policy does your organization apply?
Answer set None, periodically messages to users for changing their passwords in a voluntary basis,
imposed change of the passwords in a periodic basis
Result The private companies apply no specific password update policy. The universities send
periodical messages, but as reported by the administrators, the messages are in general
ignored by the high majority of the students and the personnel (80%). The military
sector imposes that the passwords must be updated every three months.
Q3.2
Question Do the administrators comply with the password-update policy?
Answer set Yes, partially, or no
Result In all cases, the administrators comply partially with the update policy and they do not
change the passwords as frequent as they should.
Q4
Question Do the provided services support OAUTH?
Answer set Yes or No
Result The universities, the military school, and most of the two accounting offices do not
support OAUTH. Only the IT company support the functionality for customer related
services.
Q5.1
Question Do you impose a specific BYOD?
Answer set No, informal and voluntary policy, formal policy, strict monitoring of formal policy
compliance
Result The universities apply no BYOD or advertise a general announcement for fair use. The
most of the private companies also apply no specific policies or have an informal
BYOD, while only one of them impose a formal regulation after a security incident that
was caused by an external college. The military sector applies a formal and strict BYOD
which is imposed by the responsible security personnel.
Q5.2
Question Do the administrators comply with the BYOD?
Answer set Yes, partially, or no
Result In general, the administrators comply with the BYOD policies, however, in all cases,
they admit that they have violated them in specific occasions.