Have the cake and eat it too -- Infusing usability into password authentication systems

Sundararaman Jeyaraman
CERIAS, Purdue University
USA

Umut Topkara
CERIAS, Purdue University
USA

Text-password based authentication schemes are a popular means of
authenticating users in computer systems.
Standard security practices that were intended to make
passwords more difficult to crack, such as requiring users to have
passwords that "look random" (high entropy), have made password systems
less usable and, paradoxically, less secure.
In this work, we address the need for enhancing the usability of existing
text-password systems without necessitating any modifications to the existing
password authentication infrastructure.
We propose, develop and evaluate a system
that automatically generates memorable mnemonics for a given password based on a text-corpus.
Initial experimental results suggest that automatic mnemonic generation is
a promising technique for making text-password systems more usable.
Our system was able to generate mnemonics for 80.5% of 6-character passwords
and 62.7% of 7-character passwords containing lower-case characters (a-z), even
when the text-corpus size is extremely small (1000 sentences).
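
The following sketch is an added example, not the authors' system or code. It assumes a mnemonic is a corpus phrase whose word initials spell the password (an encoding this abstract does not specify), uses a small constructed corpus, and the names `build_index`, `mnemonic_for` and `coverage` are hypothetical.

```python
import re

# Constructed sample corpus for illustration (not the corpus used in the paper).
CORPUS = [
    "The quick brown fox jumps over the lazy dog",
    "Many people always save some warm bread for dinner",
    "Security engineers rarely trust unverified network input",
]

def build_index(corpus, length):
    """Index every run of `length` consecutive words by its string of initials."""
    index = {}
    for sentence in corpus:
        words = re.findall(r"[A-Za-z]+", sentence)
        for start in range(len(words) - length + 1):
            window = words[start:start + length]
            key = "".join(word[0].lower() for word in window)
            index.setdefault(key, " ".join(window))  # keep the first phrase found
    return index

def mnemonic_for(password, corpus):
    """Return a corpus phrase whose word initials spell `password`, or None.

    Assumption: initials-based encoding. Under it the phrase determines the
    password, so the phrase has to be treated as a secret too.
    """
    if not re.fullmatch(r"[a-z]+", password):
        raise ValueError("this sketch handles lower-case a-z passwords only")
    return build_index(corpus, len(password)).get(password)

def coverage(passwords, corpus):
    """Fraction of the given passwords for which some mnemonic exists."""
    hits = sum(mnemonic_for(p, corpus) is not None for p in passwords)
    return hits / len(passwords)

if __name__ == "__main__":
    for pw in ("tqbfjo", "mpassw", "zzzzzz"):
        print(pw, "->", mnemonic_for(pw, CORPUS))
```

`coverage` computes the same kind of figure the abstract reports: the share of passwords of a given length for which the corpus yields at least one mnemonic.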

Keywords: Usability, passwords, authentication
