Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Cue-Pin-Select, a Secure Mental Password Manager

Abstract : People struggle to invent safe passwords for many of their typical online activities, leading to a variety of security problems when they use overly simple passwords or reuse them multiple times with minor modifications. Having different passwords for each service generally requires password managers or memorable (but weak) passwords, introducing other vulnerabilities. Recent research has offered multiple alternatives but those require either rote memorisation or computation on a physical device. This paper describes a secure and usable solution to this problem that requires no assistance from any physical device. We present the Cue-Pin-Select password family scheme that requires little memorisation and allows users to create and retrieve passwords easily. It uses our natural cognitive abilities to be durable, adaptable to different password requirements, and resistant to attacks, including ones involving plain-text knowledge of some passwords from the family. We include a theoretical analysis of its security according to multiple attack models. Finally, we show the promising results of a small-scale user study that put participants in real-life conditions for multiple days.
Complete list of metadata

Cited literature [40 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01781231
Contributor : Enka Blanchard Connect in order to contact the contributor
Submitted on : Tuesday, April 28, 2020 - 7:33:48 AM
Last modification on : Wednesday, November 3, 2021 - 6:44:16 AM

File

Cue_Pin_Select__a_Secure_and_U...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01781231, version 2

Citation

Enka Blanchard, Leila Gabasova, Ted Selker, Eli Sennesh. Cue-Pin-Select, a Secure Mental Password Manager. 2020. ⟨hal-01781231v2⟩

Share

Metrics

Record views

380

Files downloads

972