Cue-Pin-Select, a Secure and Usable Offline Password Scheme

Abstract: People struggle to invent safe passwords for many of their typical online activities. This leads to a variety of security problems when they use overly simple passwords or reuse them multiple times with minor modifications. Having different passwords for each service generally requires password managers or memorable (but weak) passwords, introducing other vulnerabilities [10, 18]. Recent research [14, 6] has offered multiple alternatives but those require either rote memorization [8] or computation on a physical device [23, 7]. This paper presents the Cue-Pin-Select password family scheme, which uses simple mental operations (counting and character selection) to create a password from a passphrase and the name of the service the password is targeted for. It needs little memorization to create and retrieve passwords, and requires no assistance from any physical device. It is durable and adaptable to different password requirements. It is secure against known threat models, including against adversaries with stolen passwords. A usability test shows the successes of users in real-life conditions over four days.
Document type:
Preprint, Working paper
2018
https://hal.archives-ouvertes.fr/hal-01781231
Contributor: Nikola Blanchard
Submitted on: Saturday, 21 July 2018 - 18:33:46
Last modified on: Thursday, 15 November 2018 - 20:27:45
Document(s) archived on: Monday, 1 October 2018 - 01:07:58

Identifiers

  • HAL Id: hal-01781231, version 1

Collections

OSUG | IPAG | UGA | USPC | INSU

Citation

Nicolas Blanchard, Leila Gabasova, Ted Selker, Eli Sennesh. Cue-Pin-Select, a Secure and Usable Offline Password Scheme. 2018. 〈hal-01781231〉
