Secure Password Sharing and Storage Using Encryption and Key-exchange

Abstract

Based on security best practices for passwords, the credential is a confidential pin for authenticating system users, but there are instances where users share a common password for resources. Credentials sharing necessitates the passing of sensitive private information between individuals, thus creating a litter of sensitive data across email boxes and other forms of communication. To mitigate security vulnerabilities resulting from the transmission of passwords from one person to another, information security experts recommend using password management applications. On the contrary, there have been researched studies revealing vulnerabilities in password management applications. The main objective of the research was to develop a process model for password sharing using asymmetric cryptography. In addition, part of the objectives was to build and test a prototype that facilitates the secure sharing of passwords over the internet using the redefined process model. The research was an exploratory study consisting of two phases. The first phase involved the design and implementation of a system prototype. The prototype was used for managing shared credentials, whereby passwords were stored in an encrypted database. A pair of public and private keys were used to encrypt and decrypt the data during transmission and owner's access for usage. The second phase of the study included a focus group discussion, which was used to evaluate the developed prototype. The result of the study was a prototype of a system that facilitated the secure sharing and storage of passwords over the internet using asymmetric cryptography. The prototype was also used to model how the vulnerabilities exhibited in the current password management applications can be avoided.