Passwords for Everyone: Secure Mnemonic-based Accessible Authentication

In many environments, the input mechanism to a computer system is severely constrained. For example, a disabled person may only be capable of yeslno responses to prompts from the screen (by different nods of the head, eye movements, hand movements, or even by different thought patterns that are captured by a sensor). Alternatively, the user msy not suffer from any impairment yet the environment precludes the use of a keyboard or keypad, as happens with tiny portable devices such as some of the smaller .mp3 players, voice sensors at the doors of restricted-access areas, and hands-free situations such as constr~~r:tion work sites, operation of a motor vehicle, etc. Finally, a case can be made, in situations where shoulder-surfing is prevalent (such as in crowded cyber-cafes), for deliberately resmcting the input to be a response that is hard to detect by a shoulder-surfer (e.g., left-click vs right-click), even though the user in such cases has a keyboard and is perfectly capable of using it. Requiring ,the user to remember a long random bit string and to'authenticate by entering each bit in the yeslno available input mechanism, is completely impractical. This paper deals with the question of authentication in such environments where the inputs are constrained to be yeslno responses to statements displayed on the user's screen. We present PassWit, a mnemonicbased system for such environments that combines good usability with high security, and has many additional features such as (to mention a few) resistance to phishing, keystroke-logging, resistance to duress and physical coercion of the user, and compatibility with currently deployed systems and password file formats (hence it can co-exist with existing login mechanism). An important ingredient in our recipe is the use of a mnemonic that enables the user to produce a long enough (hence more secure) string of appropriate yeslno answers to displayed prompts (i.e., challenges). Another important ingredient is the non-adaptive nature of these challenges so they are inherently non-revealing to a shoulder-surfer or phisher. The mnemonic is a sentence or a set of words known only to the user and authenticating server (in the server they are stored in a cryptographically protected way rather than in the clear) the users are never asked to enter their mnemonics to the system, they only use the mnemonic to answer the server's challenge questions. Our usage of text for mnemonics is not necessary but it is what we implemented for reasons of convenience and compatibility with existing login mechanisms; we could equally well have used speech, video, or pictures.