Safe passwords made easy to use


Nikola K. Blanchard


Kyle Lee Hogan
How do we choose and remember our secure access codes? So far biometrics, password managers, and systems like Facebook connect have not been able to guarantee the security we need. Remembering dozens of different passwords becomes a usability nightmare. 25+ years into online experience, each of us have many hard-to-remember or easy-to-guess passwords, with all the risks and frustration they imply.
We describe experiments showing how to make easy to remember codes and passwords and the system to make them, called Cue-Pin-Select. It can generate (and regenerate) passwords on the go using only the user's brain for computation. It has the advantage of creating memorable passwords, not requiring any external storage or computing device, and can be executed in less than a minute to create a new password.
This talk will summarize recent usable security work done with Ted Selker. It will start with the Cue-Pin-Select algorithm, cover an improvement we found that applies to all passphrase-based security systems, and explain some of the work currently underway to have better tools to study password schemes and human computation.

Nikola K. Blanchard is a doctoral candidate at IRIF under the direction of Ted Selker and Nicolas Schabanel. After studying mathematics at ENS, he's currently pursuing research on usability of security and voting technologies, and he's been working and organizing votes with the random sample voting project for the past two years. His manuscript on the use of randomness in political institutions, "A chance for democracy", is currently being considered by publishers.