nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

PassCue: The Shared Cues System in Practice

verfasst von : Mats Sandvoll, Colin Boyd, Bjørn B. Larsen

Erschienen in: Technology and Practice of Passwords

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Shared Cues is a password management system proposed by Blocki, Blum and Datta at Asiacrypt 2013. Unlike the majority of password management systems Shared Cues passwords are never stored, even on the management device. The idea of the Shared Cues system is to help users choose and remember passwords in a manner proven to avoid brute force searching under reasonable assumptions.

Blocki et al. analysed Shared Cues theoretically but did not describe any practical tests. We report on the design and implementation of an iOS application based on Shared Cues, which we call PassCue. This enables us to consider the practicality of Shared Cues in the real world and address important issues of user interface, parameter choices and applicability on popular web sites. PassCue demonstrates that the Shared Cues password management system is useable and secure in practice as well as in theory.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Gathering and Analyzing Identity Leaks for Security Awareness

Nächstes Kapitel Private Password Auditing

Nur mit Berechtigung zugänglich

Anderson, J.R., Matessa, M., Lebiere, C.: Act-r: a theory of higher level cognition and its relation to visual attention. Hum. Comput. Interact. 12(4), 439–462 (1997)CrossRef

Anderson, J.R., Schooler, L.J.: Reflections of the environment in memory. Psychol. Sci. 2(6), 396–408 (1991)CrossRef

Baddeley, A.D.: Human Memory: Theory and Practice. Lawrence Erlbaum Associates, Hove (1990)

Blocki, J., Blum, M., Datta, A.: Naturally rehearsing passwords. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 361–380. Springer, Heidelberg (2013) CrossRef

Bryant, M.: Amazon EC2 GPU HVM spot instance password cracking - hashcat setup tutorial (2013). http://thehackerblog.com/amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/#more-576. Accessed 26 April 2014

Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: NDSS. The Internet Society (2012)

Danescu-Niculescu-Mizil, C., Cheng, J., Kleinberg, J.M., Lee, L.: You had me at hello: How phrasing affects memorability. CoRR, abs/1203.6360 (2012)

Defuse. Password policy hall of shame. https://defuse.ca/password-policy-hall-of-shame.htm. Accessed 10 March 2014

Dell’Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: Proceedings of the 29th Conference on Information Communications, INFOCOM 2010, pp. 983–991. IEEE Press (2010)

10.

Dunham, A.: Password cracking on amazon EC2 (2013). http://du.nham.ca/blog/posts/2013/03/08/password-cracking-on-amazon-ec2/. Accessed 26 April 2014

11.

Wildenhain, A., et al.: Comparison of usability and security of password creation schemes (2012). https://www.cs.cmu.edu/~jblocki/Anne_Wildenhain_2012.htm. Accessed 07 February 2014

12.

Foer, J.: Moonwalking with Einstein: The Art and Science of Remembering Everything. Penguin Books Limited, New York (2011)

13.

Google. Creating a strong password (2013). https://support.google.com/accounts/answer/32040?hl=en. Accessed 26 April 2014

14.

Johnson, G.J.: A distinctiveness model of serial learning. Psychol. Rev. 98(2), 204–217 (1999)CrossRef

15.

Johnston, C.: Why your password can’t have symbols–or be longer than 16 characters (2013). http://arstechnica.com/security/2013/04/why-your-password-cant-have-symbols-or-be-longer-than-16-characters/. Accessed 11 March 2014

16.

Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 523–537, May 2012

17.

Kohonen, T.: Associative Memory: A System-Theoretical Approach. Springer, Berlin (1977)CrossRefMATH

18.

Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2011, New York, NY, USA, pp. 2595–2604. ACM (2011)

19.

LinkedIn. An update on LinkedIn member passwords compromised (2012). http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/. Accessed 16 February 2014

20.

Miller, G.A.: The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol. Rev. 63(2), 81–97 (1956)CrossRef

21.

Sandvoll, M.: Design and analysis of a password management system. Masters thesis, NTNU (2014)

22.

Smith, R.E.: The strong password dilemma. Comput. Secur. J. 18(2), 31–38 (2002)

23.

Squire, L.R.: On the course of forgetting in very long-term-memory. J. Exp. Psychol. Learn. 15(2), 241–245 (1989)CrossRef

24.

The Verge. Evernote resets all passwords after user information is stolen in security breach (2013). http://www.theverge.com/2013/3/2/4056704/evernote-password-reset. Accessed 16 February 2014

25.

Willshaw, D.J., Buckingham, J.T.: An assessment of Marrs theory of the hippocampus as a temporary memory store. Philos. Trans. R. Soc. Lond. B. Biol. Sci. 329(1253), 205–215 (1990)CrossRef

26.

Woźniak, P.A., Gorzelańczyk, E.J.: Optimization of repetition spacing in the practice of learning. Acta Neurobiol. Exp. 54(1), 59–62 (1994)

27.

Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004)CrossRef

Titel: PassCue: The Shared Cues System in Practice
verfasst von: Mats Sandvoll
Colin Boyd
Bjørn B. Larsen
Verlag: Springer International Publishing
Buch: Technology and Practice of Passwords
Print ISBN: 978-3-319-24191-3

Electronic ISBN: 978-3-319-24192-0

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24192-0_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"