Open Access Proceedings Article
Digital objects as passwords
Mohammad Mannan, P. C. van Oorschot
- 29 Jul 2008
- pp 2
TL;DR: This work exploits the fact that many users now own or have access to a large quantity of digitized personal or personally meaningful content in designing an object-based password scheme called ObPwd, which may enable users to create and maintain high quality passwords.
Abstract: Security proponents heavily emphasize the importance of choosing a strong password (one with high entropy). Unfortunately, by design, most humans are apparently incapable of generating such passwords, or memorizing a random-looking, machine-generated one for long-term use. Infrequently used passwords pose even bigger security and usability problems. We exploit the fact that many users now own or have access to a large quantity of digitized personal or personally meaningful content in designing an object-based password scheme called ObPwd. ObPwd enables users to select a password generating object from their local collection or from the web, and then converts the password object (e.g. an image, a particular piece of music, excerpt from a book) to a (potentially) high-entropy text password that can be used for regular or secondary web authentication, or in local applications (e.g. encryption). Instead of requiring users to memorize an exact password, ObPwd only requires one to remember a hint or pointer to the password object used. We believe that choosing digital objects as passwords is an interesting alternative to explore, and may enable users to create and maintain high quality passwords. We have implemented a prototype, and solicit feedback from the research community in regard to using digital objects as passwords.
Citations
Tapas: design, implementation, and usability evaluation of a password manager
Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, Paul C. van Oorschot
- 03 Dec 2012
TL;DR: This paper introduces Tapas, a concrete implementation of dual-possession authentication leveraging a desktop computer and a smartphone that requires no server-side changes to websites, no master password, and protects all the stored passwords in the event either the primary or secondary device is stolen.
Modeling the Adversary to Evaluate Password Strength With Limited Samples
Saranga Komanduri
- 01 Jan 2016
TL;DR: In this article, the authors propose a method to solve the problem of "uniformity" and "uncertainty" in the context of education.
28
Mercury: recovering forgotten passwords using personal devices
Mohammad Mannan, David Barrera, Carson D. Brown, David Lie, Paul C. van Oorschot
- 28 Feb 2011
TL;DR: This work presents a scheme called Mercury, which employs user-level public keys and a personal mobile device (PMD) such as a smart-phone, netbook, or tablet to allow forgotten passwords to be securely restored.
AutoPass: An automatic password generator
Fatma Al Maqbali, Chris J. Mitchell
- 01 Oct 2017
TL;DR: In this paper, the authors present AutoPass, a client-side password generator that generates site-specific strong passwords on demand, with minimal user input, including forced password changes, use of pre-specified passwords and passwords meeting site specific requirements.
14
A Steganography-based framework to prevent active attacks during user authentication
Sudantha Gunawardena, Dhananjay Kulkarni, Balachandran Gnanasekaraiyer
- 26 Apr 2013
TL;DR: In this article, an image steganography based authentication scheme and user profile management is proposed, which can act as a universal authentication framework, which has a balance between security, integrity and availability.
13
References
A large-scale study of web password habits
Dinei Florencio, Cormac Herley
- 08 May 2007
TL;DR: The study involved half a million users over a three month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Password security: a case history
Robert Morris, Ken Thompson
TL;DR: The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Password memorability and security: empirical results
Jeff Yan, Alan F. Blackwell, Ross Anderson, Adam M. Grant
- 01 Sep 2004
TL;DR: To determine how to help users choose good passwords, the authors performed a controlled trial of the effects of giving users different kinds of advice.
768
Graphical passwords: a survey
Xiaoyuan Suo, Ying Zhu, G.S. Owen
- 05 Dec 2005
TL;DR: This survey tries to answer two important questions: "Are graphical passwords as secure as text-based passwords?" and "What are the major design and implementation issues for graphical passwords?"
The S/KEY One-Time Password System
N. Haller
- 01 Feb 1995
TL;DR: This document describes the S/KEY* One-Time Password system as released for public use by Bellcore and as described in reference [3].
Related Papers (5)
Dinei Florencio, Cormac Herley
- 08 May 2007
B. Bazeer Ahamed, Shanmugasundaram Hariharan, S. India
- 01 Jan 2012
Darren Antwon Sawyer
- 28 Feb 1990