Logo: University of Southern California

Events Calendar

  • PhD Defense - Simon Woo

    Mon, Jun 12, 2017 @ 09:00 AM - 11:00 AM

    Thomas Lord Department of Computer Science

    University Calendar

    PhD Candidate: Simon Woo
    Date: June 12, 2017
    Time: 9:00am-11:00am
    Location: SAL 322
    Jelena Mirkovic (Adviser)

    Ron Artstein

    Kevin Knight

    Elsi Kaiser (outside member)


    Textual passwords are widely used for user authentication, but they are often difficult for a user to recall, and easily cracked by automated programs, and heavily re-used. Weak or reused passwords are guilty for many contemporary security breaches. Hence, it is critical to study both how users choose and reuse passwords, and the reasons that they adopt unsafe practices. In this thesis, I first examine the reasons why people create weak passwords and reuse these over multiple accounts. My research complements the body of existing works by studying the semantic structure, strength and reuse of real passwords, as well as conscious and unconscious causes of unsafe practices, using a test group population of 50 participants. Significant reuse and weak passwords clearly demonstrate the need for alternative authentication methods that are more memorable, secure, and less reused. My next three key thesis topics focus on developing novel authentication mechanisms that can directly improve current approaches. The first approach, "Life-Experience Passwords (LEPs)." uses a person's prior life experience as information to generate more memorable and secure authentication questions. We show that LEPs significantly raise the level of memorability and security compared to existing passwords and security questions. My second approach constructs more memorable and more secure passphrases through the novel use of mnemonics - multi-letter abbreviations of passphrases (MNPass), made of the first letters of each word in a passphrase. I apply mnemonics when generating and authenticating passphrases and show that the mnemonics-based approach improved recall compared to randomly generated passphrases and enhanced strength compared to user-selected passphrases. My last work explores password creation with semantic feedback (GuidedPass). I analyze user-input passwords and provide real-time, specific suggestions for improvement based on their existing semantic structure. GuidedPass passwords are 10^4 to 10^7 times stronger and as memorable as user initial passwords. GuidedPass passwords are also 100 times stronger and 1.2 times more memorable than passwords created with only password-meter feedback.

    Simon Woo is a Ph.D. candidate advised by Prof. Jelena Mirkovic. His current research focuses on improving user authentication, and understanding human factors in cybersecurity to better design secure systems.

    Location: 322

    Audiences: Everyone Is Invited

    Contact: Lizsl De Leon


Return to Calendar