Naturally Rehearsing Passwords

@inproceedings{Blocki2013NaturallyRP,
  title={Naturally Rehearsing Passwords},
  author={Jeremiah Blocki and Manuel Blum and Anupam Datta},
  booktitle={ASIACRYPT},
  year={2013}
}
We introduce quantitative usability and security models to guide the design of password management schemes — systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who…
Usable Human Authentication: A Quantitative Treatment
The thesis is that user models and security models can guide the development of password management schemes with analyzable usability and security properties and introduces Naturally Rehearsing Password schemes and Human Computable Password schemes, which leverage human capabilities for simple arithmetic operations.

Usability of Humanly Computable Passwords
This work presents the first usability study of humanly computable password strategies, involving a learning phase (to learn a password strategy), then a rehearsal phase, then a login to a few websites, and multiple follow-up tests.

Graphical Passwords and Practical Password Management
This thesis explores practical approaches to helping users select, securely reuse, and manage passwords, and proposes the design of PassTiles, a new graphical password system that allows secure random memorable passwords to be easily assigned.

YourPassword: applying feedback loops to improve security behavior of managing multiple passwords
The effectiveness of a feedback loop to improve users' password management is explored and YourPassword, a web-based application that uses feedback to inform users about the security of their password behavior, is introduced.

Cue-Pin-Select, a Secure Mental Password Manager
The Cue-Pin-Select password family scheme is presented, which uses natural cognitive abilities to be durable, adaptable to different password requirements, and resistant to attacks, including ones involving plain-text knowledge of some passwords from the family.

Keyboard Based Password Generation Strategies
A Human Computable Password Generation Scheme is a strategy which allows a user to quickly (re)generate multiple distinct passwords for different web sites by transforming a challenge (e.g., the name…

GOTCHA password hackers!
The main theorem demonstrates that GOTCHAs can be used to mitigate the threat of offline dictionary attacks against passwords by ensuring that a password cracker must receive constant feedback from a human being while mounting an attack.

An Empirical Study of Mnemonic Sentence-based Password Generation Strategies
While metrics similar to guess numbers suggested that all variants provided highly secure passwords, statistical metrics told a different story and differences in the exact instructions had a tremendous impact on the security level of the resulting passwords.

Changing users' security behaviour towards security questions: A game based learning approach
This paper proposes a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication and adopted the popular picture-based ‘4 Pics 1 word’ mobile game.

Towards an Empirical Cost Model for Mental Password Algorithms
This work empirically studies the validity of cognitive assumptions relative to mental computation for making codes like passwords, using as a starting point password algorithms and a cost model for mental computation developed by Blum and Vempala.

References (showing 1-10 of 85)
Of passwords and people: measuring the effect of password-composition policies
A large-scale study investigates password strength, user behavior, and user sentiment across four password-composition policies, and describes the predictability of passwords by calculating their entropy, finding that a number of commonly held beliefs about password composition and strength are inaccurate.

Correct horse battery staple: exploring the usability of system-assigned passphrases
System-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics, and usability did not seem to increase when the dictionary from which words were chosen was shrunk, the number of words in a passphrase was reduced, or users were allowed to change the order of words.

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
It is concluded that many academic proposals to replace text passwords for general-purpose user authentication on the web have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints.

Password management strategies for online accounts
This study quantifies how many passwords undergraduates had and how often they reused them, and discusses how current systems support poor password practices and potential changes in website authentication systems and password managers.

Passwords: The Basics and Beyond
This chapter argues that the most important aspect of information security is the selection of strong passwords, describes techniques for building strong passwords, and explains how to protect passwords from attack.

On User Choice in Graphical Password Schemes
It is shown that permitting user selection of passwords in two graphical password schemes can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user.

Optimizing password composition policies
This work introduces the first theoretical model for optimizing password composition policies, and constructs almost optimal policies, which are specified as a union of subsets of allowed passwords, and requires only a small number of samples of users' preferred passwords.

Graphical passwords: Learning from the first twelve years
This article first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages, and reviews usability requirements for knowledge-based authentication as they apply to graphical passwords.

A large-scale study of web password habits
The study involved half a million users over a three-month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.

Are Passfaces More Usable Than Passwords? A Field Trial Investigation
A usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial, indicates the importance of evaluating the usability of security mechanisms in field trials.