HashifyPass - A Tool For Visualization of Passwords Hashes
Abstract
For security reasons, users are advised to create long, random, completely unstructured passwords that are different for each of their personal accounts. Because of these requirements, some people may want to confirm that they have entered the correct password before submitting a login form. To assist with this confirmation on websites, many systems offer an option to view the password, which makes authentication more vulnerable to shoulder surfing attacks. This paper introduces the HashifyPass software, which allows website passwords to be confirmed without displaying them. To do this, it uses an animation to visualize the password hash. The integration of the software into a login form attests to its effectiveness.
Keywords:
security, shoulder surfing, visual hash, animation, cryptographic hash, authentication
Published
2022-09-12
How to Cite
CARVALHO, Henrique Araújo de; RIBEIRO, Jorge Miguel; BATISTA, Daniel Macêdo; PINA, José Coelho de. HashifyPass - A Tool For Visualization of Passwords Hashes. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 79-86. DOI: https://doi.org/10.5753/sbseg_estendido.2022.226940.
