Abstract:
In this paper we present a method for password recovery that uses multiple Web servers, which we name Peer-Assisted Carrying Authentication (PACA). The paper starts by highlighting the vulnerabilities of the commonly used techniques for password recovery, namely the question-answer approach. It then gives a general overview of the proposed approach and discusses the implementation and security issues it raises, together with the solutions offered. We present a software application that we developed as a proof of concept and as a tool for class-based experiments. These experiments were conducted to show whether users can hack the accounts of other users with whom they have or had some kind of relationship, and to test the effectiveness of piecewise password recovery. The results indicate that people who are close to others can often guess some of their passwords correctly and are therefore able to hack their computer accounts. It is shown that PACA makes the hacker's job very difficult through its multiple-peer authentication mechanism. In this regard, the findings could be used to set a lower bound on the number of peer sites required for authenticating users. © 2004 Elsevier Ltd. All rights reserved.