Save Our Passwords

Abstract

Passwords, despite the problems they entail, are still the most common method of user authentication-mainly due to convenience. We present an approach that aims at keeping passwords as an authentication mechanisms while significantly improving their practical security. We store passwords on smartcards -- which is not new -- , but the novelty of our approach is that we perform user authentication with those securely stored passwords between the smartcard and the server, without requiring any changes on the server side. We show the results of our implementation and provide our TLS handshake implementation on a smartcard for the community.