Partial Password

A partial password is a mode of password authentication intended to make keystroke logging and shoulder surfing less effective. By asking the user to enter only a few specific characters from their password, rather than the whole password, partial passwords help to protect the user from password theft. As only part of the password is revealed at once, it becomes more difficult to obtain the password using techniques such as keystroke logging or shoulder surfing. A paper by David Aspinall and Mike Just describes partial password implementations and attacks in a detailed study. Tested with 110,000 simulations using passwords longer than 8 characters, Junade Ali has noted:

* 58% of passwords are revealed in their entirety after 7 logins, 90% after 12 and 99% after 19 logins.
* Using a dataset of 488,129 breached passwords, 58% of tested 3-character password segments were only valid for that password in the database. Additionally, 28% could be associated with only one other password and 8% with two other passwords.


Verifying partial passwords

It is considered good practice not to store passwords in plaintext. Instead, when checking a whole password, it is common to store the result of passing the password to a cryptographic hash function. As the user does not supply the whole password, it cannot be verified against a stored digest of the whole password. Some have suggested storing the digest of each combination of letters that could be requested, but they note that this results in generating and storing a large number of digests. A better solution in terms of storage space and security is using a secret sharing scheme.[Update to Partial Passwords]
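One way to realise the secret-sharing approach described above, as an added example that is not the page's or the cited paper's own code: each password character masks one Shamir share of a random secret, the server stores only the masked shares and a hash of the secret, and any k correctly supplied characters unmask enough shares to interpolate the secret and match the stored hash. The field prime, the SHA-256 masking and the record layout are my own choices, not something the page specifies.

```python
import hashlib
import os
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic (assumption: any large prime works)

def _h(salt: bytes, pos: int, ch: str) -> int:
    """Map (salt, position, character) to a field element used to mask one share."""
    data = salt + pos.to_bytes(2, "big") + ch.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def _eval_poly(coeffs: list, x: int) -> int:
    """Evaluate c0 + c1*x + ... at x mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def enrol(password: str, k: int) -> dict:
    """Build the stored record: one masked share per character, k of them needed to verify."""
    assert 1 <= k <= len(password)
    salt = os.urandom(16)
    secret = secrets.randbelow(P)
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]  # f(0) = secret
    masked = []
    for i, ch in enumerate(password, start=1):
        # Share f(i) is hidden by the character at position i; a wrong character yields a wrong share.
        masked.append((_eval_poly(coeffs, i) - _h(salt, i, ch)) % P)
    check = hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()
    return {"salt": salt, "k": k, "masked": masked, "check": check}

def verify(record: dict, answers: dict) -> bool:
    """answers maps 1-based position -> character the user typed for that position."""
    if len(answers) != record["k"] or any(
            not 1 <= i <= len(record["masked"]) for i in answers):
        return False
    xs = list(answers)
    ys = [(record["masked"][i - 1] + _h(record["salt"], i, answers[i])) % P for i in xs]
    # Lagrange interpolation at x = 0 recovers f(0) only if every unmasked share is right.
    secret = 0
    for j, xj in enumerate(xs):
        num = den = 1
        for m, xm in enumerate(xs):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + ys[j] * num * pow(den, -1, P)) % P
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest() == record["check"]
```

The record holds one masked share per character plus a single digest, whichever positions are later requested, instead of one digest per possible combination of positions.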

