Xhide Password Reset -

A new email landed in his inbox. No sender. No subject. Just a video file. He opened it.

Leo pulled up the asset records. The server—codename "OBELISK"—had belonged to a now-defunct R&D division called "Project Chimera." The project lead had resigned under mysterious circumstances in 2008. The second lead had suffered a psychotic break in 2009, insisting that "the authentication daemon was talking to him." xhide password reset

When a burned-out sysadmin receives a password reset request for an account named "XHIDE" that doesn't exist on any server, he discovers the reset isn't unlocking a profile—it’s unlocking a door that was never meant to be opened. A new email landed in his inbox

[2] J. Liu et al., "A Novel Password Reset Mechanism Using Graphical Passwords," IEEE Transactions on Information Forensics and Security, vol. 14, pp. 2499-2514, 2019. Just a video file

Password reset is a crucial aspect of password-based authentication systems. Traditional password reset mechanisms, such as password reset links sent via email or SMS, are vulnerable to various attacks, including phishing, password reset poisoning, and man-in-the-middle attacks. In this paper, we propose XHide, a novel password reset mechanism that leverages the user's device and browser to provide a secure and user-friendly password reset experience. XHide uses a combination of cryptographic techniques, such as public-key cryptography and secure multi-party computation, to ensure the confidentiality and integrity of the password reset process. Our analysis and experiments demonstrate that XHide is resistant to various attacks and provides a seamless user experience.