Cognitive passwords: the key to easy access control
Computers and Security
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Protecting secret keys with personal entropy
Future Generation Computer Systems - Special issue on security on the Web
Password security: a case history
Communications of the ACM
A note on proactive password checking
Proceedings of the 2001 workshop on New security paradigms
Pretty good persuasion: a first step towards effective password security in the real world
Proceedings of the 2001 workshop on New security paradigms
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Human selection of mnemonic phrase-based passwords
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Profiling Attacker Behavior Following SSH Compromises
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Johnny can obfuscate: beyond mother's maiden name
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Do strong web passwords accomplish anything?
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Improving text passwords through persuasion
Proceedings of the 4th symposium on Usable privacy and security
Personal knowledge questions for fallback authentication: security questions in the era of Facebook
Proceedings of the 4th symposium on Usable privacy and security
Messin' with texas deriving mother's maiden names using public records
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Data Is Key: Introducing the Data-Based Access Control Paradigm
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Mercury: recovering forgotten passwords using personal devices
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
A technique for strengthening weak passwords in electronic medical record systems
FHIES'11 Proceedings of the First international conference on Foundations of Health Informatics Engineering and Systems
Tapas: design, implementation, and usability evaluation of a password manager
Proceedings of the 28th Annual Computer Security Applications Conference
| Hi-index | 0.01 |
Security proponents heavily emphasize the importance of choosing a strong password (one with high entropy). Unfortunately, by design, most humans are apparently incapable of generating such passwords, or memorizing a random-looking, machine-generated one for long-term use. Infrequently used passwords pose even bigger security and usability problems. We exploit the fact that many users now own or have access to a large quantity of digitized personal or personally meaningful content in designing an object-based password scheme called ObPwd. ObPwd enables users to select a password generating object from their local collection or from the web, and then converts the password object (e.g. an image, a particular piece of music, excerpt from a book) to a (potentially) high-entropy text password that can be used for regular or secondary web authentication, or in local applications (e.g. encryption). Instead of requiring users to memorize an exact password, ObPwd only requires one to remember a hint or pointer to the password object used. We believe that choosing digital objects as passwords is an interesting alternative to explore, and may enable users to create and maintain high quality passwords. We have implemented a prototype, and solicit feed-back from the research community in regard to using digital objects as passwords.