Thursday, February 23rd, 2012

CERIAS Security: Towards Secure and Re-usable Multiple Password Mnemonics 6/7

July 7, 2010 by  
Filed under Nemonics

Clip 6/7

Speaker: Umut Topkara · Purdue University

This talk will focus on human aspects of authentication mechanisms. I will present two methods that we have developed to reinforce the security of existing systems by improving their usability. Previous studies have repeatedly shown that users find it taxing to remember truly random passwords. Many users choose easy to guess –therefore not secure– passwords, since they require the least effort to recall. Experienced users adopt “mnemonic phrases” to generate and easily recall more secure passwords. However, regularity in the human languages may render such passwords vulnerable against a brute force attack. In the first part of the talk, I will present a method that we developed to automatically generate mnemonic phrases which can yield secure passwords in an effort to increase the usability of text password authentication.

Many computer users need to remember a multiplicity of usernames and passwords for different systems, and the users tend to reuse passwords across these systems which may have different security guarantees. In such cases remembering a different mnemonic phrase for each password does not scale and quickly becomes a challenging task. In the second part of the talk, I will present a scheme that helps the users remember a multiplicity of truly random passwords. The new scheme is applicable to an existing password authentication system without any modification, as it does not require any form of
