Telepathwords: Preventing Weak Passwords by Reading Usersí Minds
Author(s): Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, Stuart Schechter

Date: August 2014
Publication: 23rd USENIX Security Symposium, SEC '14
Publisher: USENIX
Source 1: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-komanduri.pdf
Source 2: http://research.microsoft.com/pubs/216722/TelepathwordsUSENIX2014.pdf

Abstract:
To discourage the creation of predictable passwords, vulnerable to guessing attacks, we present Telepathwords. As a user creates a password, Telepathwords makes realtime predictions for the next character that user will type. While the concept is simple, making accurate predictions requires efficient algorithms to model usersí behavior and to employ already-typed characters to predict subsequent ones. We first made the Telepathwords technology available to the public in late 2013 and have since served hundreds of thousands of user sessions.

We ran a human-subjects experiment to compare password policies that use Telepathwords to those that rely on composition rules, comparing participantsí passwords using two different password-evaluation algorithms. We found that participants create far fewer weak passwords using the Telepathwords-based policies than policies based only on character composition. Participants using Telepathwords were also more likely to report that the password feedback was helpful.


PasswordResearch.com Note: Video and audio recordings of paper presentation available: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/komanduri


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com