Usability of Humanly Computable Passwords

Samadi, Samira; Vempala, Santosh; Kalai, Adam Tauman

doi:10.1609/hcomp.v6i1.13333

Cited by 5 publications

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Secure Human Identification Protocol with Human-Computable Passwords

Matelski

2022

Information Security Practice and Experience

View full text Add to dashboard Cite

In this paper we present a new method of secure human-computer identification, which remains safe also in untrusted systems and environments. This method allows the elimination of any supplementary gadgets/devices or theft-sensitive biometric data used by the Multi-Factor Authentication (MFA), and using only one secret as a universal private key for all obtainable online accounts. However, the features of this solution make it best suited for use by the Authentication Authority with the Single-Sign-On (SSO) method of identity and access management, rather than for individual services. Such a key is used by our innovative challenge-response protocol to generate One-Time-Password, e.g., 6-digit OTP, could be calculated by a human in only 12 s, also offline on paper documents with an acceptable level of security required for post-quantum symmetric cyphers, thanks to the hard lattice problem with noise introduced by our new method, which we call Learning with Options (LWO). The secret has the form of an outline like a kind of handwritten autograph, designed in invisible ink on the mapping grid. The password generation process requires following such an invisible contour on the challenge matrix created randomly by the verifier and reading values from secret fields to easily calculate each digit of OTP.

show abstract