Journals

Do Password Managers Nudge Secure (Random) Passwords?

Improving Peer Assessment with Graph Neural Networks

A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords

In this article, we present a thorough evaluation of semantic password grammars. We report multifactorial experiments that test the impact of sample size, probability smoothing, and linguistic information on password cracking. The semantic grammars …

Long Passphrases: Potentials and Limits

Passphrases offer an alternative to traditional passwords which aim to be stronger and more memorable. However, users tend to choose short passphrases with predictable patterns that may reduce the security they offer. To explore the potential of long …

Enhanced Tacit Secrets

We explore the feasibility of Tacit Secrets: system-assigned passwords that you can remember, but cannot write down or otherwise communicate. We design an approach to creating Tacit Secrets based on Contextual Cueing, an implicit learning method …

On Password Behaviours and Attitudes in Different Populations

We explore the differences in password behaviours and attitudes of samples of university students, IT professionals, and the general population (non-student and non-IT professional). Currently, text-based password authentication is the most commonly …

An Exploration of Geographic Authentication Schemes

We design and explore the usability and security of two geographic authentication schemes: GeoPass and GeoPassNotes. GeoPass requires users to choose a place on a digital map to authenticate with (a location password). GeoPassNotes, an extension of …

Exploiting Predictability in Click-Based Graphical Passwords

We provide an in-depth study of the security of click-based graphical password schemes like PassPoints (Wiedenbeck et al., 2005), by exploring popular points (hot-spots), and examining strategies to predict and exploit them in guessing attacks. We …

Purely Automated Attacks on PassPoints-Style Graphical Passwords

We introduce and evaluate various methods for purely automated attacks against PassPoints-style graphical passwords. For generating these attacks, we introduce a graph-based algorithm to efficiently create dictionaries based on heuristics such as …

On Predictive Models and User-Drawn Graphical Passwords

In commonplace text-based password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to brute-force dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) …