Modeling Aggregate Security with User Agents that Employ Password Memorization Techniques
نویسندگان
چکیده
We discuss our ongoing work with an agent-based password simulation which models how site-enforced password requirements affect aggregate security when people interact with multiple authentication systems. We model two password memorization techniques: passphrase generation and spaced repetition. Our simulation suggests system-generated passphrases lead to lower aggregate security across services that enforce even moderate password requirements. Furthermore, allowing users to expand their password length over time via spaced repetition increases aggregate security.
منابع مشابه
Image flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملFramework For Wireless Network Security Using Hash Function Based On Feed Forward Artificial Neural Network
Every time computer user asked to keep secret their passwords for various purposes. But memorization of all the passwords always is a tedious job. In this paper, we construct a Hash Function based on Feed Forward Neural Network. Hash Function is one way and secure against Man-in-the-Middle attack. Wired Equivalent Privacy is a well known Wireless Protocol used by every wireless communication us...
متن کاملThe Impact of Cues and User Interaction on the Memorability of System-Assigned Recognition-Based Graphical Passwords
User-chosen passwords reflecting common strategies and patterns ease memorization, but offer uncertain and often weak security. System-assigned passwords provide higher security, and thus in commercially deployed graphical-password systems (e.g., Passfaces), images are randomly assigned by the system. It is difficult, however, for many users to remember system-assigned passwords. We argue that ...
متن کاملAn Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System
Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key ag...
متن کاملEfficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation
A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN sche...
متن کامل