We propose a way to increase the usability of password authentication systems by compensating for transposition and substitution errors. We show how to correct for these errors with low false positive rates (i.e., low probability that an arbitrary string will be accepted as the password for authentication). Thus our techniques increase usability with provably little loss of security. In particular, we propose applying a single password-corrective hash function to each entered password attempt. The key property of the hash function is that two strings differing by a single data entry error are likely to hash to the same key, while strings that differ more substantially hash to different keys. We develop precise analytical formulae for the precision/recall tradeoffs for a variety of corrective hash functions. We evaluate these methods at parameter values reflecting common classes of keys/passwords. Finally, we evaluate these schemes using a popular crack-list (dictionary) of 680,000 common words. We show that we can correct for all user transposition errors while reducing the computational cost of a crack attack by only 13%.
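The following sketch is an added illustration, not code from the paper: it assumes one simple corrective map (sorting the password's characters before a salted PBKDF2 hash), which makes every transposition verify, and it measures how much that map shrinks a word list. The function names, the sorted-character map and the sample words are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

def canonical(password: str) -> bytes:
    # Assumed corrective map: sort the characters, so any reordering of the
    # same characters (including every adjacent transposition) gives one key.
    # Cost: all anagrams of the password are accepted, not just single slips.
    return "".join(sorted(password)).encode("utf-8")

def enroll(password: str, salt: bytes = None, iterations: int = 200_000):
    # Store salt, work factor and the slow hash of the canonical form only.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", canonical(password), salt, iterations)
    return salt, iterations, digest

def verify(attempt: str, record) -> bool:
    # Apply the same corrective map to the attempt, then compare in constant time.
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", canonical(attempt), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def distinct_key_fraction(wordlist) -> float:
    # Security-loss measurement: the fraction of a dictionary that remains as
    # distinct keys after correction. 1.0 means the guessing cost is unchanged.
    words = set(wordlist)
    return len({canonical(w) for w in words}) / len(words)

# Constructed sample list, deliberately heavy in anagrams to show collisions.
SAMPLE_WORDS = ["listen", "silent", "enlist", "password", "dragon",
                "monkey", "stale", "least", "steal", "letmein"]

if __name__ == "__main__":
    record = enroll("correcthorse")
    print("transposed attempt accepted:", verify("corrcethorse", record))
    print("substituted attempt accepted:", verify("correcthorsf", record))
    print("distinct keys kept:", distinct_key_fraction(SAMPLE_WORDS))
```

Running `distinct_key_fraction` over the word list an organisation actually tests against gives the concrete guessing-cost reduction for a candidate corrective map before it is deployed; this map does nothing for substitution errors.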