Password Managers: Comparative Evaluation, Design, Implementation and Empirical Analysis

Creator: 

McCarney, Daniel

Date: 

2013

Abstract: 

Passwords continue to prevail as the primary method for user authentication, despite well-known drawbacks. Password managers offer improvement without the deployment barrier of server-side changes. This thesis examines password managers to alleviate some of the deficits of password authentication, while retaining the deployability advantages of passwords. In order to provide more fine-grained comparative evaluation of password managers, we extend the Usability-Deployability-Security (UDS) framework of Bonneau et al. by adding evaluation properties which allow differentiation of password managers by characteristics not measured by the more general UDS. We introduce and evaluate the security of dual-possession authentication, an authentication approach offering encrypted storage of passwords and theft-resistance without the use of a master password. We further introduce Tapas as an implementation of dual-possession authentication leveraging a desktop computer and a smartphone. Tapas requires no server-side changes, no master password, and protects stored passwords in the event either device is stolen.

Subject: 

PHYSICAL SCIENCES Computer Science

Language: 

English

Publisher: 

Carleton University

Thesis Degree Name: 

Master of Computer Science: 
M.C.S.

Thesis Degree Level: 

Master's

Thesis Degree Discipline: 

Computer Science

Parent Collection: 

Theses and Dissertations

Items in CURVE are protected by copyright, with all rights reserved, unless otherwise indicated. They are made available with permission from the author(s).