When writing about best practices for authentication, I find that today’s best practices still leave gaping holes in security, specifically not solving the problem of password reuse by users – websites are currently sent the user’s input which means they could be storing it without them knowing. It also means that a user that is tricked into visiting a malicious site instantly gives away their credentials.
When I talk of passwords, I believe that any authentication key, whether it be generated via biometrics, a physical key or a password should be forced to use this protocol.
I have been unable to find any such protocols online for this purpose, the current idea would be something of the sort (I’m not a crypto expert, this is merely an example).
1) The LoginID is passed to the server, the server responds with a user-set reply to validate they are logging in at the genuine site. 2) The user’s browser is sent a cryptographic key linked to their account, when the user inputs their password, the browser first encrypts this key with the users password & then hashes it, before sending it to the server. The server should then follow best practices for password storage as currently advised.
In sumarry, what is needed: 1) A mechanism when authenticating that is clear to users that they are logging in at the correct location that they believe they are. 2) The website must never receive the user’s actual authentication key.
Why? I first thought of this when thinking about multifactor authentication and thinking it is rather a bad idea to transmit biometrics to anybody for any reason in plaintext, (over encrypted channels, it doesn’t matter), as we have seen all too many times websites not taking adequate security measures, it is not so easy to change ones fingerprint. Included must be some form of mechanism to ensure the user does not transmit credentials to the wrong site. Hence I reccomend the two-stage login, the user login ID (which should not be a username or an email, it should be private), is entered, upon entry the user is sent the prompt they set, this could be an image or text or both, this acts as a way of preventing simple phishing attacks which aim to clone sites. THis is necessary to prevent phishing attacks else malicious sites will still mimick genuine ones, or unattentive users will fall victim. (I reccomend that the browsers flag login inputs as ‘insecure’, informing the user will be sent in plaintext, if websites choose not to adhere to this standard).
Again this is just an example. It just seems that it is not all too complex or costly to implement what would be a real advantage to user security. It would eliminate the need for a password manager & make password breaches a minor inconvenience. And as said earlier, it adresses the pressing issue of biometrics.
Again I’m no crypto expert, this is just a simple example protocol.
I have attempted to find information on protocols for this purpose but have failed. I have seen some answers on stackexchange reccomending such a thing, but not a dedicated post. I apoligise if this is a duplicate, the search terms on this matter predictably throw up irrelevant posts.