Passphrases have many uses, such as serving as seeds for passwords. User-created passphrases are easier to remember, but tend to be less secure than ones created from words randomly chosen in a dictionary. This paper develops a way of making more memorable, more secure passphrases. It investigates the security and usability of creating a passphrase by choosing from a randomly generated set of words presented as an array. A usability experiment shows that participants using this method are weakly affected by the word's position in the array, and more importantly by word familiarity. Passphrases chosen from randomly generated lists achieved 97% to 99% of the maximal entropy in randomly generated passphrases and caused less than half of the memory mistakes. Prompting a person with random words from a large dictionary is an effective way of helping them make a more memorable high-entropy passphrase.
CCS CONCEPTS: • Security and privacy → Authentication; Usability in security and privacy; • Human-centered computing → Empirical studies in HCI
Today's biometric authentication systems are still struggling with replay attacks and irrevocable stolen credentials. This paper introduces a biometric protocol that addresses such vulnerabilities. The approach prevents identity theft by being based on memory creation biometrics. It takes inspiration from two different authentication methods, eye biometrics and challenge systems, as well as a novel biometric feature: the pupil memory effect. The approach can be adjusted for arbitrary levels of security, and credentials can be revoked at any point with no loss to the user. The paper includes an analysis of its security and performance, and shows how it could be deployed and improved.
Recent work on passwords has focused on choosing secure codes, while design for ability to type them error-free has not received as much attention. The difficulties people were having transcribing codes in a security demonstration motivated this study of code transcription difficulty. A pilot study with 33 subjects and a follow-up study with 267 subjects from 24 countries measured performance and preference for codes of varying lengths, patterns, and character sets. The study found long codes with alternating consonant and vowel patterns are preferred and can be more accurately transcribed than shorter numeric or alphabetic codes. Mixed-case and alphanumeric character sets both increased transcription errors. Our proposed CVC 6 code design composed of six Consonant-Vowel-Consonant trigrams is more secure, faster to enter, highly preferred by users, and more impervious to user error when compared to standard codes currently used for security purposes. An extension integrates error detection and correction, essentially eliminating typo problems.