4TH INTERNATIONAL CONFERENCE ON INNOVATIVE COMPUTING AND COMMUNICATION (ICICC 2021)

Secure and Manage Passwords with Encryption and Cloud Storage

Mayank Kanela a,*, Harshit Dhingra a, Mohil Singhal a, and Geetika Dhand a

a Department of Computer Science and Engineering, Maharaja Surajmal Institute of Technology, C4 Janakpuri, New Delhi 110058, India

Email: {mayankkanela8, harshitdhingra1999, mohil.singhla1, geetika.dhand}@gmail.com

Abstract: Tech users often struggle to create and remember secure, sophisticated passwords for the software services and tools they use for entertainment, work, or utility, such as streaming platforms, shopping sites, and email accounts. All of these services require a password, and because it is difficult to memorize and maintain so many of them, users end up setting common or simple passwords. As a result, accounts across various services are compromised by brute-force attacks or social engineering, and the damage is worse when the same password is used across several accounts. In this paper, we present a solution that uses encryption and cloud storage to efficiently secure and manage user passwords and add an extra layer of protection, ensuring integrity, availability and security without making users remember multiple passwords.

1. Introduction

It is common for internet services to require users to sign up with an email address and a password; examples include e-commerce sites like Amazon, email providers like Gmail, and entertainment services like Netflix. While this is a simple way to identify users, it is often difficult for users to remember multiple passwords for different sites. They often end up creating simple passwords such as a date of birth, a pet's name, or a brother's, sister's, or maiden name, or they reuse one common password, which may or may not be strong, for many accounts. This exposes the accounts to brute-force attacks, or to social engineering when the password is related to the user in some way.

The solution we present improves password security without making users remember multiple passwords, while ensuring the passwords' integrity. It is a three-step process. First, we take or generate the user's password along with an alias that should not relate to the username or email; for example, account1 can be used as an alias. Second, the user inputs a key, which should be common for every entity; it is assumed that the user either remembers the key or it is stored in local storage. Last, the account is added to the cloud storage, and the user can fetch it at any time and decrypt the hash using the main key to obtain the password. Our technique provides an extra layer of protection while ensuring security and integrity and relieving the user of having to remember multiple passwords. Figs. 1 and 2 depict the process of storing and retrieving passwords.

Fig. 1 - Process of encrypting and storing the password in cloud storage.

Fig. 2 - Process of password retrieval and decryption to use the password.

In the following points we discuss how our technique helps protect and manage passwords:

Security. Relying on a single key for password management might raise a concern about how vulnerable the passwords are if the key is extracted by brute force, but two mechanisms guard against exactly this. First, we never store the key in the cloud, so even if someone manages to hack the cloud database, they will only have a list of encrypted hashes that make no sense on their own; and since encryption techniques are unbreakable in polynomial time and the AES standard is one of the best encryption standards available, the attacker will not easily decrypt those encrypted hashes. Second, even if the attacker somehow breaks cloud security, breaks the encryption, and obtains the users' passwords, they will not be able to identify which service an account belongs to or what its username/email is. This of course assumes that the user does not enter the actual username/email; we make the instructions clear that the user should choose an alias they can associate with the account, for example main email, Netflix 1, amazon 1, etc.

Convenience. The human mind can store only so many passwords while preserving their integrity; it is quite common for users to forget a password and then go through a password reset process. By storing encrypted passwords in the cloud, we ensure that the passwords are easily available. We provide a very user-friendly interface for this purpose, the user needs to fill in very little detail, and the account is synced to all the devices on which the user is signed in. The user need not try hard to create a complex password and can just use a random password generator.

Availability. The availability of passwords is ensured by the cloud services and is better than when passwords are stored locally; the user can easily retrieve the passwords anywhere, anytime, and on any device [8-12].

1.1. Assumptions

This method of managing and securing user passwords makes some assumptions about the user. First, the user must remember the master key for the passwords. If the user forgets the master key, this has no adverse effect on the security of the passwords, as the user can just delete all the stored items and accounts once again; it is an inconvenience, but remembering one password is easier than remembering many. Second, the user uses an implicit alias for the encrypted hash; once again, this is a very minor detail that further strengthens the security of the passwords.

2. Related work

In this section, we will discuss work done on password security and management and the reliability of cloud services.

Electronic copy available at: https://ssrn.com/abstract=3833469
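The three-step store-and-retrieve process described in the Introduction, sketched as an added example that is not the authors' implementation. The paper names only AES; the scrypt key derivation, the AES-256-GCM mode, the use of the alias as associated data, the in-memory Map standing in for cloud storage, and all function names are assumptions made here.

```javascript
// Added example: function names, parameters and the in-memory "cloud" are
// assumptions for illustration, not code from the paper.
const crypto = require('node:crypto');

// Stand-in for the cloud database. It only ever holds alias, salt, nonce,
// tag and ciphertext; the master key never leaves the client.
const cloud = new Map();

// Stretch the master key with scrypt so guessing it from a leaked record is costly.
function deriveKey(masterKey, salt) {
  return crypto.scryptSync(masterKey, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Steps 1-3: take password and alias, encrypt under the master key, upload the record.
function storePassword(alias, password, masterKey) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh per record, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterKey, salt), nonce);
  cipher.setAAD(Buffer.from(alias, 'utf8')); // binds the ciphertext to its alias
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const record = { salt, nonce, ct, tag: cipher.getAuthTag() };
  cloud.set(alias, record);
  return record;
}

// Retrieval: fetch the record and decrypt locally. Returns null when the record
// is missing or authentication fails (wrong master key, modified ciphertext,
// or a record moved under a different alias).
function fetchPassword(alias, masterKey) {
  const rec = cloud.get(alias);
  if (!rec) return null;
  const key = deriveKey(masterKey, rec.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, rec.nonce);
  decipher.setAAD(Buffer.from(alias, 'utf8'));
  decipher.setAuthTag(rec.tag);
  try {
    return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample values.
storePassword('account1', 'k3#Vq!t9-constructed', 'sample master key');
console.log(fetchPassword('account1', 'sample master key'));
console.log(fetchPassword('account1', 'wrong key'));
```

Because GCM authenticates the ciphertext and the alias together, a modified or relocated record is rejected on the client instead of decrypting to garbage, which is where the integrity property comes from in this sketch.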