{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T08:22:35Z","timestamp":1763022155653,"version":"3.45.0"},"reference-count":20,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T00:00:00Z","timestamp":1762992000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T00:00:00Z","timestamp":1762992000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Having a strong password is vital in maintaining secure access to private or sensitive data. However, strong passwords require good memorization skills, placing a significant burden on human memory and cognitive capacity. Using additional authentication measures, such as token-based access, reduces the need for overly complex passwords while maintaining a high level of security. However, using additional measures introduces additional user interaction during the log-in process. In this work, we propose a password hardening scheme that provides a location based authentication mechanism. We use the information contained within the local WiFi environment to strengthen a user\u2019s password. With our method, the requirements on the user password remain at a reasonable level, while keeping extra user involvement to a minimum. We achieve this by generating a cryptographic key from WiFi beacon frames, which we combine with the user password using a key derivation function. Furthermore, we conduct an analysis to assess the stability of local WiFi environments to determine the practicality of our proposed password hardening scheme.<\/jats:p>","DOI":"10.1186\/s13635-025-00209-3","type":"journal-article","created":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T08:16:45Z","timestamp":1763021805000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["WiPhi: using location-specific WiFi signals for password hardening and improvement"],"prefix":"10.1186","volume":"2025","author":[{"given":"Philipp Christian","family":"Arnold","sequence":"first","affiliation":[]},{"given":"Philipp","family":"Jakubeit","sequence":"additional","affiliation":[]},{"given":"Andreas","family":"Peter","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,13]]},"reference":[{"key":"209_CR1","unstructured":"IBM Corporation. IBM Download Page. (2022). https:\/\/www.ibm.com\/downloads\/cas\/3R8N1DZJ. Accessed 30 Aug 2024"},{"key":"209_CR2","unstructured":"T.\u00a0Hunt. Pwned Websites. (2023). https:\/\/haveibeenpwned.com\/PwnedWebsites#GenesisMarket. Accessed 30 Aug 2024"},{"issue":"16","key":"209_CR3","first-page":"13","volume":"128","author":"A Aggarwal","year":"2015","unstructured":"A. Aggarwal, P. Chaphekar, R. Mandrekar, Cryptanalysis of bcrypt and sha-512 using distributed processing over the cloud. Int. J. Comput. Appl. 128(16), 13\u201316 (2015)","journal-title":"Int. J. Comput. Appl."},{"key":"209_CR4","unstructured":"Chick3nman. Hashcat benchmark results. (2022). https:\/\/gist.github.com\/Chick3nman\/32e662a5bb63bc4f51b847bb422222fd. Accessed 30 Aug 2024"},{"issue":"2","key":"209_CR5","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/s102070100006","volume":"1","author":"F Monrose","year":"2002","unstructured":"F. Monrose, M.K. Reiter, S. Wetzel, Password hardening based on keystroke dynamics. Int. J. Inf. Secur. 1(2), 69\u201383 (2002)","journal-title":"Int. J. Inf. Secur."},{"key":"209_CR6","doi-asserted-by":"crossref","unstructured":"P.\u00a0Jakubeit, A.\u00a0Peter, M.\u00a0van Steen, in International Conference on Information Security Practice and Experience, Lockey: Location-based key extraction from the wifi environment in the user\u2019s vicinity (Springer, 2023), pp. 399\u2013418","DOI":"10.1007\/978-981-99-7032-2_24"},{"key":"209_CR7","doi-asserted-by":"crossref","unstructured":"P. Jakubeit, A. Peter, in 10th International Conference on Information Systems Security and Privacy, ICISSP 2024, Roomkey: Extracting a volatile key with information from the local wifi environment reconstructable within a designated area (SCITEPRESS, 2024), pp. 558\u2013569","DOI":"10.5220\/0012437500003648"},{"key":"209_CR8","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Dodis, L.\u00a0Reyzin, A.\u00a0Smith, in Advances in Cryptology - EUROCRYPT 2004, Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Lecture Notes in Computer Science (Springer Berlin Heidelberg, Berlin, Heidelberg, 2004), pp. 523\u2013540","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"209_CR9","doi-asserted-by":"crossref","unstructured":"G.\u00a0Bianchi, S.\u00a0Di\u00a0Domenico, M.\u00a0De\u00a0Sanctis, L.\u00a0Liberati, V.\u00a0Perrotta, E.\u00a0Cianca, in 2017 26th International Conference on Computer Communication and Networks (ICCCN), Unveiling access point signal instability in wifi-based passive sensing (IEEE, 2017), pp. 1\u20139","DOI":"10.1109\/ICCCN.2017.8038449"},{"issue":"3","key":"209_CR10","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","volume":"22","author":"MN Wegman","year":"1981","unstructured":"M.N. Wegman, J. Carter, New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265\u2013279 (1981). https:\/\/doi.org\/10.1016\/0022-0000(81)90033-7","journal-title":"J. Comput. Syst. Sci."},{"key":"209_CR11","doi-asserted-by":"crossref","unstructured":"P. Jakubeit, A. Peter, M. van Steen, in Emerging Technologies for Authorization and Authentication, ed. by A. Saracino, P. Mori. The measurable environment as nonintrusive authentication factor on the example of wifi beacon frames (Springer Nature Switzerland, Cham, 2023), pp. 48\u201369","DOI":"10.1007\/978-3-031-25467-3_4"},{"key":"209_CR12","unstructured":"V.\u00a0Ciresica, Authentication method for windows os based on location classification using wifi signals (Master\u2019s thesis, University of Twente, 2023)"},{"key":"209_CR13","doi-asserted-by":"publisher","unstructured":"N.I. of\u00a0Standards, Technology, Recommendation for key management: Part 1 - general. Special Publication 800-57, NIST (2020). https:\/\/doi.org\/10.6028\/NIST.SP.800-57pt1r5","DOI":"10.6028\/NIST.SP.800-57pt1r5"},{"key":"209_CR14","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1002\/j.1538-7305.1951.tb01366.x","volume":"30","author":"CE Shannon","year":"1951","unstructured":"C.E. Shannon, Prediction and entropy of printed english. Bell Syst. Tech. J. 30, 50\u201364 (1951)","journal-title":"Bell Syst. Tech. J."},{"key":"209_CR15","doi-asserted-by":"crossref","unstructured":"A.\u00a0Biryukov, D.\u00a0Dinu, D.\u00a0Khovratovich, in 2016 IEEE European Symposium on Security and Privacy (EuroS and P), Argon2: New generation of memory-hard functions for password hashing and other applications (IEEE, 2016), pp. 292\u2013302","DOI":"10.1109\/EuroSP.2016.31"},{"key":"209_CR16","unstructured":"National Institute of Standards and Technology. Advanced encryption standard (aes) (2023). https:\/\/csrc.nist.gov\/pubs\/fips\/197\/final. Accessed 30 Aug 2024"},{"key":"209_CR17","doi-asserted-by":"crossref","unstructured":"E.\u00a0Perahia, M.X. Gong, Gigabit wireless lans: an overview of ieee 802.11 ac and 802.11 ad. ACM SIGMOBILE Mob. Comput. Commun. Rev. 15(3), 23\u201333 (2011)","DOI":"10.1145\/2073290.2073294"},{"key":"209_CR18","unstructured":"Gnome. nmcli: Network manager reference manual (2023). https:\/\/developer-old.gnome.org\/NetworkManager\/stable\/nmcli.html. Accessed 30 Aug 2024"},{"issue":"5","key":"209_CR19","doi-asserted-by":"publisher","first-page":"917","DOI":"10.1109\/TMC.2012.63","volume":"12","author":"SN Premnath","year":"2013","unstructured":"S.N. Premnath, S. Jana, J. Croft, P.L. Gowda, M. Clark, S.K. Kasera, N. Patwari, S.V. Krishnamurthy, Secret key extraction from wireless signal strength in real environments. IEEE Trans. Mob. Comput. 12(5), 917\u2013930 (2013). https:\/\/doi.org\/10.1109\/TMC.2012.63","journal-title":"IEEE Trans. Mob. Comput."},{"key":"209_CR20","doi-asserted-by":"crossref","unstructured":"R.\u00a0Perdisci, C.\u00a0Maurice, G.\u00a0Giacinto, M.\u00a0Almgren, in Detection of Intrusions and Malware, and Vulnerability Assessment, Practical password hardening based on TLS. Lecture Notes in Computer Science, vol. 11543 (Springer International Publishing AG, Switzerland, 2019), pp. 441\u2013460","DOI":"10.1007\/978-3-030-22038-9_21"}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00209-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13635-025-00209-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-025-00209-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T08:16:49Z","timestamp":1763021809000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-025-00209-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,13]]},"references-count":20,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["209"],"URL":"https:\/\/doi.org\/10.1186\/s13635-025-00209-3","relation":{},"ISSN":["2510-523X"],"issn-type":[{"type":"electronic","value":"2510-523X"}],"subject":[],"published":{"date-parts":[[2025,11,13]]},"assertion":[{"value":"16 February 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"33"}}