Cue-Pin-Select, a Secure Mental Password Manager - Archive ouverte HAL Accéder directement au contenu
Pré-Publication, Document De Travail Année : 2020

Cue-Pin-Select, a Secure Mental Password Manager

Résumé

People struggle to invent safe passwords for many of their typical online activities, leading to a variety of security problems when they use overly simple passwords or reuse them multiple times with minor modifications. Having different passwords for each service generally requires password managers or memorable (but weak) passwords, introducing other vulnerabilities. Recent research has offered multiple alternatives but those require either rote memorisation or computation on a physical device. This paper describes a secure and usable solution to this problem that requires no assistance from any physical device. We present the Cue-Pin-Select password family scheme that requires little memorisation and allows users to create and retrieve passwords easily. It uses our natural cognitive abilities to be durable, adaptable to different password requirements, and resistant to attacks, including ones involving plain-text knowledge of some passwords from the family. We include a theoretical analysis of its security according to multiple attack models. Finally, we show the promising results of a small-scale user study that put participants in real-life conditions for multiple days.
Fichier principal
Vignette du fichier
Cue_Pin_Select__a_Secure_and_Usable_Offline_Password_Scheme (6).pdf (792.97 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01781231 , version 1 (21-07-2018)
hal-01781231 , version 2 (28-04-2020)

Identifiants

  • HAL Id : hal-01781231 , version 2

Citer

Enka Blanchard, Leila Gabasova, Ted Selker, Eli Sennesh. Cue-Pin-Select, a Secure Mental Password Manager. 2020. ⟨hal-01781231v2⟩
522 Consultations
1102 Téléchargements

Partager

Gmail Facebook X LinkedIn More