Steganography-based Password Management: A conceptual Model

  • Omed Saleem Khalind, Department of Software and Informatics, College of Engineering, Salahaddin University-Erbil, Kurdistan Region, Iraq
Keywords: Steganography; password management; authentication methods; two-factor authentication; security.


The problem of password management is one of the oldest and most problematic issues in the context of computing security and personal digital information. Despite the fact that much research has been carried out on this problem, most solutions have remained focused on the server side, assuming a trusted infrastructure that exists outside of the user’s domain and that will enforce a proper management scheme for the user’s passwords. On the other hand, user or client-side password management has remained at the level of recommendations to users, providing some general guidelines on what constitutes good management of a user’s set of passwords. In this paper, we propose a novel approach by focusing on the design of a system for the management of a user’s passwords that runs within the domain of the user. The new system utilizes information hiding by means of steganography techniques in order to create seamless management of user passwords. To the best of our knowledge, this would be the first attempt in the literature at using a stego-image as a token for two-factor authentication, an approach that requires no extra hardware cost and is easy to use and implement.



How to Cite
Saleem Khalind, O. (2019) “Steganography-based Password Management: A conceptual Model”, Zanco Journal of Pure and Applied Sciences, 31(s3), pp. 61-68. doi: 10.21271/ZJPAS.31.s3.9.