Mon, Jun 12, 2017 @ 09:00 AM - 11:00 AM
PhD Candidate: Simon Woo
Date: June 12, 2017
Location: SAL 322
Jelena Mirkovic (Adviser)
Elsi Kaiser (outside member)
Title: MEMORABLE, SECURE, AND USABLE AUTHENTICATION SECRETS
Textual passwords are widely used for user authentication, but they are often difficult for a user to recall, and easily cracked by automated programs, and heavily re-used. Weak or reused passwords are guilty for many contemporary security breaches. Hence, it is critical to study both how users choose and reuse passwords, and the reasons that they adopt unsafe practices. In this thesis, I first examine the reasons why people create weak passwords and reuse these over multiple accounts. My research complements the body of existing works by studying the semantic structure, strength and reuse of real passwords, as well as conscious and unconscious causes of unsafe practices, using a test group population of 50 participants. Significant reuse and weak passwords clearly demonstrate the need for alternative authentication methods that are more memorable, secure, and less reused. My next three key thesis topics focus on developing novel authentication mechanisms that can directly improve current approaches. The first approach, "Life-Experience Passwords (LEPs)." uses a person's prior life experience as information to generate more memorable and secure authentication questions. We show that LEPs significantly raise the level of memorability and security compared to existing passwords and security questions. My second approach constructs more memorable and more secure passphrases through the novel use of mnemonics - multi-letter abbreviations of passphrases (MNPass), made of the first letters of each word in a passphrase. I apply mnemonics when generating and authenticating passphrases and show that the mnemonics-based approach improved recall compared to randomly generated passphrases and enhanced strength compared to user-selected passphrases. My last work explores password creation with semantic feedback (GuidedPass). I analyze user-input passwords and provide real-time, specific suggestions for improvement based on their existing semantic structure. GuidedPass passwords are 10^4 to 10^7 times stronger and as memorable as user initial passwords. GuidedPass passwords are also 100 times stronger and 1.2 times more memorable than passwords created with only password-meter feedback.
Simon Woo is a Ph.D. candidate advised by Prof. Jelena Mirkovic. His current research focuses on improving user authentication, and understanding human factors in cybersecurity to better design secure systems.
Audiences: Everyone Is Invited
Contact: Lizsl De Leon