The password allocation problem: strategies for reusing passwords effectively

  • Authors: Rishab Nithyanand; Rob Johnson
  • Affiliations: Stony Brook University, Stony Brook, USA; Stony Brook University, Stony Brook, USA
  • Venue: Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society
  • Year: 2013

Abstract

Each Internet user has, on average, 25 password-protected accounts, but only 6.5 distinct passwords [webhabits]. Despite the advice of security experts, users are obviously re-using passwords across multiple sites. So this paper asks the question: given that users are going to re-use passwords across multiple sites, how should they best allocate those passwords to sites so as to minimize their losses from accidental password disclosures? We provide both theoretical and practical results. First, we provide a mathematical formulation of the Password Allocation (PA) problem and show that it is NP-complete with a reduction via the 3-Partition problem. We then study several special cases and show that the optimal solution is often a contiguous allocation -- i.e., similar accounts share passwords. Next, we evaluate several human- and machine-computable heuristics that have very good performance and produce solutions that are reasonably close to optimal. We find that the human-computable heuristics do not perform nearly as well as the machine-computable heuristics; however, they provide a useful and easy-to-follow set of guidelines for re-using passwords.