Memorability and Security of Different Passphrase Generation Methods

  • Simon Woo (Department of Computer Science, SUNY Korea)
  • Published : 2018.02.28

Abstract

Passphrases are considered to be more secure than passwords since they are longer than passwords. However, users choose predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. While random passphrases appear to be stronger, surprisingly they are neither strong nor memorable. In this paper, we present the latest passphrase research, and introduce a new way to create a passphrase using mnemonics. Passphrase generation using mnemonics shows promising results in improving both strength and memorability.
