Cue-Pin-Select, a Secure and Usable Offline Password Scheme

Abstract : People struggle to invent safe passwords for many of their typical online activities. This leads to a variety of security problems when they use overly simple passwords or reuse them multiple times with minor modifications. Having different passwords for each service generally requires password managers or memorable (but weak) passwords, introducing other vulnerabilities [10, 18]. Recent research [14, 6] has offered multiple alternatives but those require either rote memorization [8] or computation on a physical device [23, 7]. This paper presents the Cue-Pin-Select password family scheme, which uses simple mental operations (counting and character selection) to create a password from a passphrase and the name of the service the password is targeted for. It needs little memorization to create and retrieve passwords, and requires no assistance from any physical device. It is durable and adaptable to different password requirements. It is secure against known threat models, including against adversaries with stolen passwords. A usability test shows the successes of users in real-life conditions over four days.
Document type :
Preprints, Working Papers, ...

https://hal.archives-ouvertes.fr/hal-01781231
Contributor : Nikola Blanchard
Submitted on : Saturday, July 21, 2018 - 6:33:46 PM
Last modification on : Friday, April 5, 2019 - 8:16:31 PM
Document(s) archived on : Monday, October 1, 2018 - 1:07:58 AM

Identifiers

  • HAL Id : hal-01781231, version 1

Citation

Nicolas Blanchard, Leila Gabasova, Ted Selker, Eli Sennesh. Cue-Pin-Select, a Secure and Usable Offline Password Scheme. 2018. ⟨hal-01781231⟩
