부산대학교 도서관

Increased online accounts and services require robust password management solutions and practices to maintain secure authentication. Deploying unique passwords for all accounts is impractical, as cracking that password leads to losing access to all the related accounts. Thus, managing complex and unique passwords for different accounts is the primary challenge for users. To address this challenge, a secure offline vault-based password management system (Vault-PMS) is proposed. The system leverages multiple security features: AES256 encryption, multi-factor authentication (MFA), and backup to enhance password security and resilience. The system 1) deploys the MFA security control, requiring users to enter a master password and a one-time password (OTP) sent to their emails, 2) relies on password encryption and an offline backup feature that allows the storage of encrypted passwords locally on the user’s device or externally on hard drives. The proposed system aims to mitigate risks associated with online storage, specifically cloud storage, and ensure data restoration in case of device damage or loss. The proposed password management system has been implemented using Java and evaluated in terms of security and execution time. The results demonstrate that the system offers a secure, reliable, and efficient solution for password management, effectively addressing the challenges associated with maintaining secure authentication practices for multiple online accounts.