Grid framework to address password memorability issues and offline password attacks

Abstract

Passwords today are the most widely used form of authentication, yet have significant issues in regards to security due to human memorability limitations. Inability to remember strong passwords causes users generally to only satisfy the bare minimum requirements during an enrollment process. Users having weak passwords are vulnerable to offline password attacks, where an adversary iteratively guesses the victim’s password and tests for correctness. In this paper, we introduce a new password scheme, Grid framework, that takes advantage of current encryption technologies and reduces the user’s effort to create a strong password. The Grid Framework scheme translates an easy-to-remember sequence on a grid into a complex password consisting of randomly selected uppercase, lowercase, numeric, and special symbols with a minimum length of eighteen characters that the user is not required to memorize. The Grid Framework results in a system that increases memorability for secure authentication.