DOI: 10.1145/3267305.3274127
research-article

Assistance in Daily Password Generation Tasks

Published: 08 October 2018

Abstract

Passwords and PINs are used to protect all kinds of services against adversaries in our everyday lives. To serve their purpose, passwords require a certain degree of complexity, which is often enforced through password policies. This results in complicated passwords, which might not only be hard for users to create, but also hard to remember. Furthermore, users might reuse passwords which they feel are secure. We present a scheme for deterministic password generation that solves these problems by assisting the user in generating and remembering passwords. The passwords are generated based on previously stored metadata (e.g., policies) and a master password. Since the password generation is deterministic, only the master password is required to recreate the passwords. As a proof of concept, we implemented a mobile app and pre-evaluated it. The pre-evaluation indicates that our scheme offers good usability.
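The following is an added illustration of deterministic, policy-aware password generation as the abstract describes it; it is not the scheme or app from the paper. It assumes PBKDF2-HMAC-SHA256 as the key derivation function, a hypothetical metadata layout (`service`, `user`, `counter`, `length`, `classes`), and a constructed sample record.

```python
import hashlib
import hmac
import string

# Character classes a stored policy may require (assumed set, not from the paper).
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digit": string.digits, "symbol": "!#$%&*+-=?@_"}

# Constructed sample metadata: this record is stored, the password never is.
EXAMPLE_META = {"service": "example.org", "user": "alice", "counter": 1,
                "length": 16, "classes": ["lower", "upper", "digit", "symbol"]}


def _stream(key):
    """Expand the derived key into an endless byte stream (HMAC-SHA256, counter mode)."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def _pick(stream, n):
    """Return an unbiased index in range(n), n <= 256, using rejection sampling."""
    limit = 256 - (256 % n)  # discard bytes that would introduce modulo bias
    while True:
        b = next(stream)
        if b < limit:
            return b % n


def generate(master, meta, iterations=200_000):
    """Recreate the account password from the master password and stored metadata."""
    # The salt binds the output to one account; raising the counter rotates the password.
    salt = "\x1f".join(str(meta[k]) for k in ("service", "user", "counter")).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    stream = _stream(key)
    sets = [CLASSES[c] for c in meta["classes"]]
    if meta["length"] < len(sets):
        raise ValueError("policy length is shorter than the number of required classes")
    alphabet = "".join(sets)
    # One character from every required class, then fill from the full alphabet.
    chars = [s[_pick(stream, len(s))] for s in sets]
    chars += [alphabet[_pick(stream, len(alphabet))]
              for _ in range(meta["length"] - len(sets))]
    # Deterministic Fisher-Yates shuffle so required classes have no fixed position.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

Because the stored metadata holds no secret, the security of every generated password rests on the master password and the cost of the key derivation step.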

    Published In

    UbiComp '18: Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers
    October 2018
    1881 pages
    ISBN:9781450359665
    DOI:10.1145/3267305

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Password Assistance
    2. Password Generation
    3. Password Management

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    UbiComp '18

    Acceptance Rates

    Overall Acceptance Rate 764 of 2,912 submissions, 26%
