WiPhi: using location-specific WiFi signals for password hardening and improvement

Having a strong password is vital in maintaining secure access to private or sensitive data. However, strong passwords require good memorization skills, placing a significant burden on human memory and cognitive capacity. Using additional authentication measures, such as token-based access, reduces the need for overly complex passwords while maintaining a high level of security. However, using additional measures introduces additional user interaction during the log-in process. In this work, we propose a password hardening scheme that provides a location based authentication mechanism. We use the information contained within the local WiFi environment to strengthen a user’s password. With our method, the requirements on the user password remain at a reasonable level, while keeping extra user involvement to a minimum. We achieve this by generating a cryptographic key from WiFi beacon frames, which we combine with the user password using a key derivation function. Furthermore, we conduct an analysis to assess the stability of local WiFi environments to determine the practicality of our proposed password hardening scheme.