CombinedPWD: A New Password Authentication Mechanism Using Separators Between Keystrokes

The password security has been paid much attention to by many scholars. The conventional password cracking methods are based on probabilistic models leveraging the leaked password datasets. In order to reduce this risk, our study proposes a new online password authentication mechanism, combinedPWD, through inserting separators (e.g. blanks) into the passwords to strengthen the existing password authentication system. This scheme utilizes the custom of users' input. In our research, website users can insert spaces in their password where they want to pause when they register an account and the website back-end records the number of spaces in every gap. Only input the correct password and the corresponding number of separators matching accounts to be admitted into the system. Any trials with wrong password or correct password but with a wrong number of spaces will be rejected by the system. Through the experiments verification, the proposed mechanism can resist brute force attack and dictionary attack effectively. To avoid keyloggers, we further propose to use two-dimensional code to store the encrypted password. And this scheme has better operability and security.