Towards more secure and usable text passwords

Jan 28, 2016 12:00 AM

Who: Prof. Lujo Bauer from Carnegie Mellon University\
When: Thursday, {{ | date_to_long_string }}, 15:00\
Where: Room EA\
Title: {{ page.title }}

Abstract: Many security problems arise at the interface between computer systems and their users. One set of such problems relates to authentication and text-based passwords, which despite numerous shortcomings and attacks remain the dominant authentication method in computer systems. \
Is pa$$w0rd1 a good password or a bad one? For several years, we’ve been studying how to help users create passwords that are hard for attackers to crack, but are still easy for users to remember and use. A key challenge in this work was to develop and validate a methodology for collecting passwords and assessing their strength and usability. I’ll discuss our approach, and how we applied it to over 50,000 participants to study the effects of password-composition policies, password-strength meters, and detailed, step-by-step feedback and guidance during the password creation policies.