Our solutions assume the user has access to either an untrusted online cloud storage service, or a mobile storage device that is trusted until stolen. We also consider schemes that provide anonymity and unlinkability of the user's actions. We do not assume the existence of synchronization, tamper resistance, special or expensive hardware, or extensive cryptographic capabilities on the mobile device. Most importantly, the user's password remains secure even after the mobile device is stolen.
Our constructions are relatively easy to deploy, especially if a few single sign-on services (e.g., Microsoft, Google, Facebook) adopt our proposal.
We are grateful for the support from the Royal Society Newton Advanced Fellowship.