Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry

Presented at ShmooCon XI (2015)

Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. A primary accomplishment of this work is our method of optimizing the input of randomly generated passwords on mobile devices via password permutation. This is done by grouping character classes (i.e., uppercase, lowercase, digit, symbol) together to minimize the total number of required keystrokes and decrease cognitive load. We propose a measurement method for quantifying effects on entropy resulting from this password permutation. Additionally, we created and are releasing Python scripts, and make use of an existing publicly available NIST data visualization tool to facilitate comparison between usability and security metrics.
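
An added illustration of the permutation idea in the abstract, not the authors' released scripts: it groups a password's characters by class, counts taps under an assumed keyboard model, and reports how many bits the reordering discards. The keyboard costs, the fixed class order, the log2-of-orderings measure (valid for a uniformly random password), the function names and the sample password are all assumptions of this example.

```python
import math
from collections import Counter

CLASS_ORDER = "luds"                       # assumed fixed group order
SCREEN = {"l": 0, "u": 0, "d": 1, "s": 2}  # assumed: letters, numbers, symbols
SAMPLE = "q7#Rm2!x"                        # constructed sample password


def char_class(c):
    """Map a character to lower (l), upper (u), digit (d) or symbol (s)."""
    if c.islower():
        return "l"
    if c.isupper():
        return "u"
    if c.isdigit():
        return "d"
    return "s"


def keystrokes(pw):
    """Taps under the assumed model: 1 per character, +1 shift tap per
    uppercase letter, +1 per step between letters/numbers/symbols screens."""
    taps, screen = 0, 0                    # keyboard starts on letters
    for c in pw:
        cls = char_class(c)
        taps += abs(SCREEN[cls] - screen)  # screen-switch taps
        screen = SCREEN[cls]
        taps += 2 if cls == "u" else 1
    return taps


def group_classes(pw):
    """Stable permutation: characters keep their order within each class."""
    return "".join(c for k in CLASS_ORDER for c in pw if char_class(c) == k)


def entropy_loss_bits(pw):
    """log2 of the number of orderings that collapse to the same grouped
    string: the multinomial n! / (k_l! * k_u! * k_d! * k_s!)."""
    ways = math.factorial(len(pw))
    for k in Counter(char_class(c) for c in pw).values():
        ways //= math.factorial(k)
    return math.log2(ways)


if __name__ == "__main__":
    grouped = group_classes(SAMPLE)
    print(SAMPLE, keystrokes(SAMPLE), "taps ->", grouped, keystrokes(grouped), "taps")
    print("bits discarded by grouping: %.2f" % entropy_loss_bits(SAMPLE))
```

The loss depends only on the class counts, so it can be budgeted for when choosing the length of a generated password.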


Presenters:

  • John Kelsey
  • Joshua Franklin
  • Kristen K. Greene

The authors work within the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). Kristen is a Cognitive Scientist in NIST's Information Access Division and holds an M.A. and Ph.D. in Cognitive Psychology from Rice University. Joshua is an Information Security Engineer within NIST's Computer Security Division. Joshua graduated from George Mason University with a M.S. in Information Security and Assurance. John Kelsey is an experienced cryptographer at NIST and has degrees in Computer Science and Economics from the University of Missouri Columbia.
