The average user has between 90–130 online accounts [17], and around \(3\times 10^{11}\) passwords are in use this year [10]. Most people are terrible at remembering “random” passwords, so they reuse or create similar passwords using a combination of predictable words, numbers, and symbols [16]. Previous password-generation or management protocols have imposed so large a cognitive load that users have abandoned them in favor of insecure yet simpler methods (e.g., writing them down or reusing minor variants).
We describe a range of candidate human-computable “hash” functions suitable for use as password generators - as long as the human (with minimal education assumptions) keeps a single, easily-memorizable ‘master’ secret - and rate them by various metrics, including effective security. These functions hash master-secrets with user accounts to produce sub-secrets that can be used as passwords; \(F_R(\)s\(, w) \longrightarrow y\), which takes a website w and produces a password y, parameterized by the master secret s, which may or may not be a string.
We exploit the unique configuration R of each user’s associative and implicit memory (detailed in Sect. 2) to ensure that sources of randomness unique to each user are present in each F. An adversary cannot compute or verify \(F_R\) efficiently since R is unique to each individual; in that sense, our hash function is similar to a physically unclonable function [37]. For the algorithms we propose, the user need only complete primitive operations such as addition, spatial navigation or searching. Critically, most of our methods are also accessible to neurodiverse, or cognitively or physically differently-abled persons.
Given the nature of these functions, it is not possible to directly use traditional cryptographic methods for analysis; so, we use an array of approaches, mainly related to entropy, to illustrate and analyze the same. We draw on cognitive, neuroscientific, and cryptographic research to use these functions as improved password management and creation systems, and present results from a survey (n = 134 individuals, with each candidate performing 2 schemes) investigating real-world usage of these methods and how people currently come up with their passwords. We also survey 400 websites to collate current password advice.
Anzeige
Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.
Preventing this, in most password managers, requires users to terminate the manager each time after use. Users may be unaware of this or disregard it because of inconvenience, which once again lowers its security [25].
In general, as a human-computable hash function grows in difficulty, a human is more likely to abandon it [16, 30] and revert to weak password practices. So, one can have very high theoretical security but, in practice, be totally insecure.
Beyond careful design, these also included side-channel defenses e.g., the paper material was designed to degrade within a few weeks, ensuring that obsolete codes would not be used, and “lost” manuals would lose value quickly.
All images have demonstrably high priming “strength” [31] i.e. our images are already embedded in the user’s mind (familiar places that they can navigate mentally).
In practice, the time taken to find a password’s hash depends on the alphabet used, degree of parallelization, hardware specifications such as processor flops, etc. [8].
Assuming an appropriate threat actor – imagining an adversarial ‘evil’ sibling with occasional read-only access to your living space is a useful rule of thumb.
Assuming character entropies are independent. We do not consider dictionary attacks, character frequencies etc. as these would require a large number of passwords to be statistically valid, and due to unique user memory configurations R we cannot computationally generate large numbers of passwords.