StoryPass: a system and study for memorable secure passphrases.
Date
2014-10-01
Abstract
The goal of this thesis is to study the implementation of a passphrase system, called
StoryPass, that implements new creation policies. We are motivated to do this
research because current text-based authentication methods, such as the password, fail to
provide adequate security and usability. We call our system StoryPass because we
were inspired by previous research which states that information created with stories
can be more memorable. The problem we address is the lack of research on secure and
usable passphrase creation guidelines. Our main contributions include a theoretical
security analysis, a controlled 39-day user study and an estimate of the security
that the resulting passphrases provide. Our security estimates are mainly performed
through an algorithm that uses n-grams to estimate the number of attempts required
to successfully guess passphrases created in StoryPass. We were able to successfully
guess 64% of the passphrases collected during our 39-day user study, but only with
a very large number of attempts. The passphrases which were not guessed generally
contained slang and "non-words", which are words that are not found in standard
dictionaries. Using a sentence-like structure in passphrases greatly improved usability.
Memory errors were the leading cause of failed logins; error correction techniques were
used to prevent login failures from typographical errors. This thesis discusses how
results from our user study can be used to help guide future passphrase creation
policies.
Keywords
Passphrases, User-authentication, Human-factors, Usable computing