sesa 18(17): e3

Research Article

BluePass: A Mobile Device Assisted Password Manager

  • @ARTICLE{10.4108/eai.10-1-2019.156244,
        author={Yue Li and Haining Wang and Kun Sun},
        title={BluePass: A Mobile Device Assisted Password Manager},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={5},
        number={17},
        publisher={EAI},
        journal_a={SESA},
        year={2018},
        month={12},
        keywords={Authentication, Password, Password Manager, Two-factor Authentication},
        doi={10.4108/eai.10-1-2019.156244}
    }
    
  • Yue Li
    Haining Wang
    Kun Sun
    Year: 2018
    BluePass: A Mobile Device Assisted Password Manager
    SESA
    EAI
    DOI: 10.4108/eai.10-1-2019.156244
Yue Li¹,*, Haining Wang², Kun Sun³
  • 1: Department of Computer Science, College of William & Mary
  • 2: Department of Electrical and Computer Engineering, University of Delaware
  • 3: Department of Information Sciences and Technology, George Mason University
*Contact email: yli@cs.wm.edu

Abstract

With the growing number of online accounts a user possesses, managing passwords has become unprecedentedly challenging. Password managers have emerged to help users manage their passwords. However, state-of-the-art cloud-based password managers are vulnerable to data breaches, and a master password becomes a single point of failure. To address these security vulnerabilities, we propose BluePass, a password manager that stores the password vault (i.e., the set of all the encrypted site passwords of a user) locally on a mobile device and the decryption key for the vault on the user's computer. BluePass partially inherits the security characteristics of two-factor authentication by requiring both a mobile device and a master password to retrieve and decrypt the site passwords. BluePass leverages the short-range nature of Bluetooth to automatically retrieve site passwords and fill in the login fields, providing a hands-free user experience.