Selecting Secure Passwords
Abstract
We mathematically explore a model for the shortness and security of passwords that are stored in hashed form. The model is implicit in the NIST publication [8] and is based on conditions of the Shannon, Guessing and Min Entropy. In addition, we establish various new relations between these three notions of entropy, providing strong improvements on existing bounds such as the McEliece-Yu bound from [7] and the Min entropy lower bound on Shannon entropy [3]. As an application, we present an algorithm generating near-optimally short passwords given certain security restrictions. Such passwords are specifically applicable in the context of one-time passwords (e.g. initial passwords, activation codes).
Similar resources
Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots
Passwords have to be secure and usable at the same time, a trade-off that is long known. There are many approaches to avoid this trade-off, e.g., to advise users on generating strong passwords and to reject user passwords that are weak. The same usability/security trade-off arises in scenarios where passwords are generated by machines but exchanged by humans, as is the case in pre-shared key (P...
Lip Reading: A New Authentication Method in Android Mobile Phone Applications
Today, mobile phones are one of the first instruments every individual person interacts with. There are lots of mobile applications used by people to achieve their goals. One of the most-used applications is mobile banks. Security in m-bank applications is very important, therefore modern methods of authentication are required. Most m-bank applications use text passwords which can be stolen b...
Influencing users towards better passwords: persuasive cued click-points
Usable security has unique usability challenges because the need for security often means that standard human-computer-interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords, thus increasing security by expanding the effective password space. In click-based graphical passwords, poorly chosen pas...
"I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab
Users often make passwords that are easy for attackers to guess. Prior studies have documented features that lead to easily guessed passwords, but have not probed why users craft weak passwords. To understand the genesis of common password patterns and uncover average users’ misconceptions about password strength, we conducted a qualitative interview study. In our lab, 49 participants each crea...
Helping users create and remember more secure text passwords
This doctoral research aims to persuade users to choose and remember more secure text passwords. The first component involved user studies demonstrating that users can be persuaded to create more secure text passwords. Unfortunately, the stronger passwords were not as memorable as we had hoped. For the second component, we will attempt to improve password memorability by providing implicit feed...