HPAKE: Honey Password-authenticated Key Exchange for Fast and Safer Online Authentication

Password-only authentication is one of the most popular secure mechanisms for real-world online applications. But it easily suffers from a practical threat - password leakage, incurred by external and internal attackers. The external attacker may compromise the password file stored on the authentication server, and the insider may...

Practical Threshold Multi-Factor Authentication

Multi-factor authentication (MFA) has been widely used to safeguard high-value assets. Unlike single-factor authentication (e.g., password-only login), t-factor authentication (tFA) requires a user always to carry and present t specified factors so as to strengthen the security of login. Nevertheless, this may restrict user experience in...