
## Passwords Usage and Human Memory Limitations: A Survey across Age and Educational Background

Pilar, Denise Ranghetti; Jaeger, Antonio; Gomes, Carlos F. A.; Stein, Lilian Milnitsky
Source: Public Library of Science Publisher: Public Library of Science
Type: Scientific Journal Article
Search relevance: 27.74293%
The present article reports a survey conducted to identify the practices on passwords usage, focusing particularly on memory limitations and the use of passwords across individuals with different age and education backgrounds. A total of 263 participants were interviewed, with ages ranging from 18 to 93 years, and education level ranging from grade school to graduate degree. Contrary to our expectations, effects of cognitive decline due to aging were not observed on memory performance for passwords. The results suggested instead, that the number of password uses was the most influential factor on memory performance. That is, as the number of circumstances in which individuals utilized passwords increased, the incidence of forgotten and mixed-up passwords also increased. The theoretical significance of these findings and their implications for good practices on password usage are discussed.

## Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords

Whitty, Monica; Doodson, James; Creese, Sadie; Hodges, Duncan
Source: Mary Ann Liebert, Inc. Publisher: Mary Ann Liebert, Inc.
Type: Scientific Journal Article
Search relevance: 27.531934%
In spite of the number of public advice campaigns, researchers have found that individuals still engage in risky password practices. There is a dearth of research available on individual differences in cyber security behaviors. This study focused on the risky practice of sharing passwords. As predicted, we found that individuals who scored high on a lack of perseverance were more likely to share passwords. Contrary to our hypotheses, we found older people and individuals who score high on self-monitoring were more likely to share passwords. We speculate on the reasons behind these findings, and examine how they might be considered in future cyber security educational campaigns.

## Passwords Security: An Exploratory Study

Zviran, Moshe; Haga, William James
Type: Report
Portuguese
Search relevance: 27.80983%
One of the most common control mechanisms for authenticating users of computer based information systems is the use of passwords. However, despite the widespread use of passwords, only little attention has been given to the characteristics of their actual use. This paper addresses the gap in evaluating the characteristics of real-life passwords and presents the results of an empirical study on passwords usage. It investigates the core characteristics of user-generated passwords in DoD environment and associations between those variables. Keywords: Computer security; Passwords

## A Comparison of Password Techniques for Multilevel Authentication Mechanisms

Zviran, Moshe; Haga, William James
Type: Report Format: NA
Portuguese
Search relevance: 27.992285%
Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and associative passwords. While the mechanisms employed in primary passwords are determined by the operating systems' manufacturers, system designers can select any password mechanism for secondary passwords, to further protect sensitive applications and data files. This paper reports on the results of an empirically based study of passwords characteristics. It provides a comparative evaluation on the memorability and users' subjective preferences of the various passwords mechanisms, and suggests that cognitive passwords and associative passwords seem the most appropriate for secondary passwords. Keywords: Computer security. (kr); Research Council of the Naval Postgraduate School.; http://archive.org/details/comparisonofpass00zvir; O&MN, Direct Funding; NA

## The characteristics of user-generated passwords

Sawyer, Darren Antwon
Type: Doctoral Thesis Format: viii, 100 p.
Portuguese
Search relevance: 37.862185%
Approved for public release; distribution is unlimited.; The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location...

## Pathwords: a user-friendly schema for common passwords management

Finelli, Michele
Type: Scientific Journal Article
Search relevance: 27.74293%
Many computer-based authentication schemata are based on passwords. Logging on a computer, reading email, accessing content on a web server are all examples of applications where the identification of the user is usually accomplished matching the data provided by the user with data known by the application. Such a widespread approach relies on some assumptions, whose satisfaction is of foremost importance to guarantee the robustness of the solution. Some of these assumptions, like having a "secure" channel to transmit data, or having sound algorithms to check the correctness of the data, are not addressed by this paper. We will focus on two simple issues: the problem of using adequate passwords and the problem of managing passwords. The proposed solution, the pathword, is a method that guarantees: 1 that the passwords generated with the help of a pathword are adequate (i.e. that they are not easy to guess), 2 that managing pathwords is more user friendly than managing passwords and that pathwords are less amenable to problems typical of passwords.

## A Probabilistic Approach for Authenticating Text or Graphical Passwords Using Back Propagation

Chakravarthy, ASN; Avadhani, Prof. P S
Type: Scientific Journal Article
Search relevance: 27.057197%
Password authentication is a common approach to the system security and it is also a very important procedure to gain access to user resources. In the conventional password authentication methods a server has to authenticate the legitimate user. In our proposed method users can freely choose their passwords from a defined character set or they can use a graphical image as password and that input will be normalized. Neural networks have been used recently for password authentication in order to overcome pitfall of traditional password authentication methods. In this paper we proposed a method for password authentication using alphanumeric password and graphical password. We used Back Propagation algorithm for both alphanumeric (Text) and graphical password by which the level of security can be enhanced. This paper along with test results show that converting user password in to Probabilistic values enhances the security of the system; Comment: ten pages

## Can background baroque music help to improve the memorability of graphical passwords?

Gao, Haichang; Chang, Xiuling; Ren, Zhongjie; Aickelin, Uwe; Wang, Liming
Type: Scientific Journal Article
Search relevance: 27.862185%
Graphical passwords have been proposed as an alternative to alphanumeric passwords with their advantages in usability and security. However, they still tend to follow predictable patterns that are easier for attackers to exploit, probably due to users' memory limitations. Various literatures show that baroque music has positive effects on human learning and memorizing. To alleviate users' memory burden, we investigate the novel idea of introducing baroque music to graphical password schemes (specifically DAS, PassPoints and Story) and conduct a laboratory study to see whether it is helpful. In a ten minutes short-term recall, we found that participants in all conditions had high recall success rates that were not statistically different from each other. After one week, the music group coped PassPoints passwords significantly better than the group without music. But there was no statistical difference between two groups in recalling DAS passwords or Story passwords. Furthermore, we found that the music group tended to set significantly more complicated PassPoints passwords but less complicated DAS passwords.; Comment: Proceedings of the International Conference on Image Analysis and Recognition, ICIAR2010, Povoa de Varzim, Portugal...

## Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords

Blocki, Jeremiah; Komanduri, Saranga; Cranor, Lorrie; Datta, Anupam
Type: Scientific Journal Article
Portuguese
Search relevance: 27.351082%
We report on a user study that provides evidence that spaced repetition and a specific mnemonic technique enable users to successfully recall multiple strong passwords over time. Remote research participants were asked to memorize 4 Person-Action-Object (PAO) stories where they chose a famous person from a drop-down list and were given machine-generated random action-object pairs. Users were also shown a photo of a scene and asked to imagine the PAO story taking place in the scene (e.g., Bill Gates---swallowing---bike on a beach). Subsequently, they were asked to recall the action-object pairs when prompted with the associated scene-person pairs following a spaced repetition schedule over a period of 127+ days. While we evaluated several spaced repetition schedules, the best results were obtained when users initially returned after 12 hours and then in $1.5\times$ increasing intervals: 77% of the participants successfully recalled all 4 stories in 10 tests over a period of 158 days. Much of the forgetting happened in the first test period (12 hours): 89% of participants who remembered their stories during the first test period successfully remembered them in every subsequent round. These findings, coupled with recent results on naturally rehearsing password schemes...

## Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues

Al-Ameen, Mahdi Nasrullah; Wright, Matthew; Scielzo, Shannon
Type: Scientific Journal Article
Search relevance: 27.654446%
Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38.0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.; Comment: Will appear at CHI 2015 Conference, to be held at Seoul, Korea

## The Scale-free Network of Passwords : Visualization and Estimation of Empirical Passwords

Guo, Xiujia; Chen, Haibo; Liu, Xuqin; Xu, Xiangyu; Chen, Zhong
Type: Scientific Journal Article
Search relevance: 27.531934%
In this paper, we present a novel vision of large scale of empirical password sets available and improve the understanding of passwords by revealing their interconnections and considering the security on a level of the whole password set instead of one single password level. Through the visualization of Yahoo, Phpbb, 12306, etc. we, for the first time, show what the spatial structure of empirical password sets are like and take the community and clustering patterns of the passwords into account to shed lights on the definition of popularity of a password based on their frequency and degree separately. Furthermore, we propose a model of statistical guessing attack from the perspective of the data's topological space, which provide an explanation of the "cracking curve". We also give a lower bound of the minimum size of the dictionary needed to compromise arbitrary ratio of any given password set by proving that it is equivalent to the minimum dominating set problem, which is a NP-complete problem. Hence the minimal dictionary problem is also NP-complete.; Comment: 9 pages, 14 figures

## A Novel Approach for Authenticating Textual or Graphical Passwords Using Hopfield Neural Network

Chakravarthy, ASN; Avadhani, P S; Prasad, P. E. S. N Krishna; Rajeevand, N.; Reddy, D. Rajasekhar
Type: Scientific Journal Article
Search relevance: 27.531934%
Password authentication using Hopfield Networks is presented in this paper. In this paper we discussed the Hopfield Network Scheme for Textual and graphical passwords, for which input Password will be converted in to probabilistic values. We observed how to get password authentication using Probabilistic values for Textual passwords and Graphical passwords. This study proposes the use of a Hopfield neural network technique for password authentication. In comparison to existing layered neural network techniques, the proposed method provides better accuracy and quicker response time to registration and password changes.; Comment: 14 pages, 18 figures, published in Advanced Computing: An International Journal (ACIJ)

Blocki, Jeremiah; Blum, Manuel; Datta, Anupam; Vempala, Santosh
Type: Scientific Journal Article
Portuguese
Search relevance: 27.057197%
An interesting challenge for the cryptography community is to design authentication protocols that are so simple that a human can execute them without relying on a fully trusted computer. We propose several candidate authentication protocols for a setting in which the human user can only receive assistance from a semi-trusted computer --- a computer that stores information and performs computations correctly but does not provide confidentiality. Our schemes use a semi-trusted computer to store and display public challenges $C_i\in[n]^k$. The human user memorizes a random secret mapping $\sigma:[n]\rightarrow\mathbb{Z}_d$ and authenticates by computing responses $f(\sigma(C_i))$ to a sequence of public challenges where $f:\mathbb{Z}_d^k\rightarrow\mathbb{Z}_d$ is a function that is easy for the human to evaluate. We prove that any statistical adversary needs to sample $m=\tilde{\Omega}(n^{s(f)})$ challenge-response pairs to recover $\sigma$, for a security parameter $s(f)$ that depends on two key properties of $f$. To obtain our results, we apply the general hypercontractivity theorem to lower bound the statistical dimension of the distribution over challenge-response pairs induced by $f$ and $\sigma$. Our lower bounds apply to arbitrary functions $f$ (not just to functions that are easy for a human to evaluate)...

Qureshi, M Atif; Younus, Arjumand; Khan, Arslan Ahmed
Type: Scientific Journal Article
Search relevance: 27.531934%
Over the years security experts in the field of Information Technology have had a tough time in making passwords secure. This paper studies and takes a careful look at this issue from the angle of philosophy and cognitive science. We have studied the process of passwords to rank its strengths and weaknesses in order to establish a quality metric for passwords. Finally we related the process to human senses which enables us to propose a constitutional scheme for the process of password. The basic proposition is to exploit relationship between human senses and password to ensure improvement in authentication while keeping it an enjoyable activity.; Comment: International Journal of Computer Science Issues (IJCSI), Volume 1, pp8-12, August 2009

Type: Scientific Journal Article
Search relevance: 27.531934%
This paper presents a visual passwords system to increase security. The system depends mainly on recognizing the speaker using the visual speech signal alone. The proposed scheme works in two stages: setting the visual password stage and the verification stage. At the setting stage the visual passwords system request the user to utter a selected password, a video recording of the user face is captured, and processed by a special words-based VSR system which extracts a sequence of feature vectors. In the verification stage, the same procedure is executed, the features will be sent to be compared with the stored visual password. The proposed scheme has been evaluated using a video database of 20 different speakers (10 females and 10 males), and 15 more males in another video database with different experiment sets. The evaluation has proved the system feasibility, with average error rate in the range of 7.63% to 20.51% at the worst tested scenario, and therefore, has potential to be a practical approach with the support of other conventional authentication methods such as the use of usernames and passwords.

## Generating 56-bit passwords using Markov Models (and Charles Dickens)

Clements, John
Type: Scientific Journal Article
Search relevance: 27.654446%
We describe a password generation scheme based on Markov models built from English text (specifically, Charles Dickens' *A Tale Of Two Cities*). We show a (linear-running-time) bijection between random bitstrings of any desired length and generated text, ensuring that all passwords are generated with equal probability. We observe that the generated passwords appear to strike a reasonable balance between memorability and security. Using the system, we get 56-bit passwords like 'The cusay is wither?" t', rather than passwords like 'tQ\$%Xc4Ef'.; Comment: 5 pages, 2 figures

Blocki, Jeremiah; Blum, Manuel; Datta, Anupam
Type: Scientific Journal Article
Portuguese
Search relevance: 27.531934%
We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and validated through empirical studies. Given rehearsal requirements and a user's visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats...

## Guessing human-chosen secrets

Bonneau, Joseph
Source: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory Publisher: University of Cambridge; Faculty of Computer Science and Technology; Computer Laboratory
Type: Thesis; doctoral; PhD
Portuguese
Search relevance: 27.654446%
Authenticating humans to computers remains a notable weak point in computer security despite decades of effort. Although the security research community has explored dozens of proposals for replacing or strengthening passwords, they appear likely to remain entrenched as the standard mechanism of human-computer authentication on the Internet for years to come. Even in the optimistic scenario of eliminating passwords from most of today's authentication protocols using trusted hardware devices or trusted servers to perform federated authentication, passwords will persist as a means of "last-mile" authentication between humans and these trusted single sign-on deputies. This dissertation studies the difficulty of guessing human-chosen secrets, introducing a sound mathematical framework modeling human choice as a skewed probability distribution. We introduce a new metric, alpha-guesswork, which can accurately model the resistance of a distribution against all possible guessing attacks. We also study the statistical challenges of estimating this metric using empirical data sets which can be modeled as a large random sample from the underlying probability distribution. This framework is then used to evaluate several representative data sets from the most important categories of human-chosen secrets to provide reliable estimates of security against guessing attacks. This includes collecting the largest-ever corpus of user-chosen passwords...

## Passwords and the Evolution of Imperfect Authentication

Bonneau, Joseph; Herley, Cormac; van Oorschot, Paul C.; Stajano, Frank
Type: Article; accepted version
Portuguese
Search relevance: 27.351082%
This is the author accepted manuscript. The final version is available from ACM via http://dx.doi.org/10.1145/2699390; Theory on passwords has lagged behind practice, where large providers use back-end smarts to survive with imperfect technology. Simplistic models of user and attacker behaviors have led the research community to emphasize the wrong threats. Authentication is a classification problem amenable to machine learning, with many signals in addition to the password available to large Web services. Passwords will continue as a useful signal for the foreseeable future, where the goal is not impregnable security but reducing harm at acceptable cost.

## Web-based single sign-on: an examination of security and usability

Waters, Samuel
Source: Rochester Institute of Technology Publisher: Rochester Institute of Technology