User Friendly Passwords Nicole Longworth Michael Shoppell RJ Brown.


1 User Friendly Passwords Nicole Longworth Michael Shoppell RJ Brown

2 Overview
- Introduction
  o Current Password Methods
  o Project Proposal
- Research
  o Related Works
  o Possible Solutions
- Demo
- Conclusions
- Questions

3 Password Generation
- Random
  o create random passwords that are secure and difficult to guess due to a combination of uppercase and lowercase letters, numbers, and punctuation symbols
- User Generated
  o passwords created by the user that are unique and based on what is easiest for the user to remember

4 Project Proposal
Problem
- secure passwords are becoming easier to crack than to remember
- security is compromised by user behavior through multiple instances
  o passwords aren't strong enough
  o storing passwords on computer
  o reusing passwords for multiple accounts

5 Project Proposal
Purpose
- investigate two methods to generate passwords
  o using abstract images
  o using simple images
- based on results, methods will show whether images make it easier for users to remember passwords

6 Proposed Solution
- substitute the number of characters possible for a higher character count
- logically makes it easier for a human to remember
- creating 4 shorter words that create a 20-character password

7 Related Works
- Beaver, Kevin. "Hacking For Dummies, 3rd Edition". Publisher: For Dummies. Jan 12, 2010.
- Mohs, Richard C., PhD. "How Human Memory Works". howstuffworks.com. July 7 2011. Feb 29, 2012.
- "The Human Memory". human-memory.net. Feb 29, 2012.
- Shimonski, Rob. "Hacking Techniques, Introduction to password cracking". ibm.com/developerworks/library/s-crack. Jul 01 2002. Feb 29 2012.
- Vines, Russell Dean. "Ethical hacking tools and techniques: password cracking". searchsecuritychannel.techtarget.com. Feb 29 2012.

8 Related Works
- http://ict.govt.nz/guidance-and-resources/standards-compliance/authentication-standards/password-standard/5-password-vulnerabilities-and-attacks
- http://static.usenix.org/event/usenix99/provos/provos_html/node11.html
- http://www.computer-network-security-training.com/what-are-password-attacks/
- http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/232700282/command-injection-attacks-automated-password-guessing-on-the-rise.html
- http://www.windowsecurity.com/articles/passwords-attacks-solutions.html
- http://www.windowsitpro.com/article/kerberos/types-of-password-attacks-
- http://www.go4expert.com/forums/showthread.php?t=7685
- http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices
- http://www.watchingthenet.com/how-to-create-strong-passwordsand-remember-them.html
- http://www.securitynewsdaily.com/553-how-to-create-remember-super-secure-passwords.html

9 Survey
- Test user password generation and recall upon forgetting
- Two Parts
  o Given 4 random words to remember
  o Shown 4 images
    o 2 Concrete
    o 2 Abstract
  o Asked to produce four words per image
- After one month, participants shown same images to test memory

10 Purposes
1. Test randomness of user generation for a given image
2. Test ability of user to recall password when linked with an image
3. Given word bank, efficiency of brute force attack

11

12 Randomly Generated Words
- Total Participants: 20
- 9 took part in both generation and recall
- Duration between surveys: 1 month
Results
- Over a short period of time: successful recall
- Between two surveys: recall almost nonexistent

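13 Results - Image Prompted

| Picture | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| Words Generated | 115 | 116 | 115 | 114 |
| Unique Words | 67 | 63 | 68 | 74 |
| Average Password Length | 23 | 21 | 22 | 23 |
| Minimum | 16 | 11 | 17 | 16 |
| Maximum | 41 | 27 | 30 | 31 |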

14 Results - Recall

15 Password Strength
- Measured in Entropy
  o lack of predictability
- Randomness stated in Bits
Calculation
- (entropy per character) = $\log_2(n)$
- password entropy = $L \times$ (entropy per character)
- $n$ = pool size of characters
- $L$ = password length

16 Results - Entropy
- Average password length = 22
- Entropy of case insensitive alphabet = 4.7 bits
- Average password entropy = 103 bits
- Time to crack at 1000 Guesses/Sec
  o Character based = $4.2718 \times 10^{20}$ years
  o Word bank (as generated by participants) = 5.5 hours
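
The gap between the two crack times on slide 16 comes from which search space the attacker has to cover. The following added example (not part of the original presentation) applies the slide 15 formula to both models and also measures how far observed word choices fall below a uniform pick. Assumptions: a four-word password drawn from picture 1's bank of 67 unique words, a 365-day year, and a constructed list of sample responses; the function names are illustrative.

```python
import math
from collections import Counter

SECONDS_PER_YEAR = 365 * 24 * 3600
GUESSES_PER_SEC = 1000  # rate used on slide 16

def char_entropy_bits(length, pool_size):
    """Slide 15: password entropy = L * log2(n), each character chosen uniformly."""
    return length * math.log2(pool_size)

def wordbank_entropy_bits(bank_size, words):
    """An attacker who knows the word bank treats each word as one symbol."""
    return words * math.log2(bank_size)

def shannon_bits_per_word(observed):
    """Empirical entropy of observed word choices; it drops below
    log2(unique words) whenever some words are favoured over others."""
    counts = Counter(observed)
    total = len(observed)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def seconds_to_exhaust(bits, rate=GUESSES_PER_SEC):
    """Worst case: time to try the whole search space at `rate` guesses/sec."""
    return 2 ** bits / rate

def compare():
    char_bits = char_entropy_bits(22, 26)     # slide 16: L = 22, 26 letters
    bank_bits = wordbank_entropy_bits(67, 4)  # assumed: 4 words from a 67-word bank
    return {
        "char_bits": char_bits,
        "char_years": seconds_to_exhaust(char_bits) / SECONDS_PER_YEAR,
        "bank_bits": bank_bits,
        "bank_hours": seconds_to_exhaust(bank_bits) / 3600,
    }

# Constructed sample: eight words typed for one hypothetical picture.
SAMPLE_WORDS = ["dog", "dog", "dog", "dog", "park", "park", "ball", "grass"]

if __name__ == "__main__":
    r = compare()
    print(f"character model: {r['char_bits']:.1f} bits, {r['char_years']:.4e} years")
    print(f"word-bank model: {r['bank_bits']:.1f} bits, {r['bank_hours']:.1f} hours")
    print(f"observed bits/word: {shannon_bits_per_word(SAMPLE_WORDS):.2f} "
          f"vs uniform {math.log2(len(set(SAMPLE_WORDS))):.2f}")
```

The character model reproduces the slide's 103 bits and 4.2718 x 10^20 years; the word-bank model under the stated assumption comes to roughly 24 bits and a few hours, the same order as the slide's 5.5 hours.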

17 Demo

18 Future Work
- Conduct survey on a larger group in a more similar situation
- Determine method for randomly assigning unique images securely to users

19 Conclusions
- Image prompted passwords plausible alternative
- No user-generated passwords were identical
- Traditional brute force methods highly inefficient
- Images did assist somewhat in recall

20 Inquiries?

