Slide 11: How People Use Passwords
■ Write them down
■ Use a single password at multiple sites
  ─ Do you use the same password for Amazon and your bank account? Do you remember them all?
■ Make passwords easy to remember
  ─ “password”, “Longhorns”, “Kevin123”
■ Some services use “secret questions” to reset passwords
  ─ “What is your favorite pet’s name?”
Slide 12: Social Engineering
■ Univ. of Sydney study (1996)
  ─ 336 CS students emailed asking for their passwords
    ● Pretext: “validate” password database after suspected break-in
  ─ 138 returned their passwords
■ Treasury Dept. report (2005)
  ─ Auditors pose as IT personnel attempting to correct a “network problem”
  ─ 35 (of 100) IRS managers and employees provide their usernames and change passwords to a known value
Slide 13: Strengthening Passwords
■ Add biometrics
  ─ For example, keystroke dynamics or voiceprint
  ─ Revocation is often a problem with biometrics
■ Graphical passwords
  ─ Goal: increase the size of memorable password space
■ Rely on the difficulty of computer vision
  ─ Face recognition is easy for humans, hard for machines
  ─ Present user with a sequence of faces, he must pick the right face several times in a row to log in
Slide 14: Graphical Passwords
■ Images are easy for humans to remember
  ─ Especially if you invent a memorable story to go along with the images
■ Dictionary attacks on graphical passwords are believed to be difficult
  ─ Images are very “random” (is this true?)
■ Still not a perfect solution
  ─ Need infrastructure for displaying and storing images
  ─ Shoulder surfing
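The slide's question about whether image choices are really “random” can be checked numerically. The sketch below is an added example, not part of the original slides or of any product's code: it compares a face-sequence scheme under uniform choice with the same scheme under biased choice, and measures how much of the user population falls within a lockout budget. The panel size (9), number of rounds (4), lockout threshold (3) and the skewed popularity figures are all constructed assumptions, and rounds are treated as independent.

```python
import math
from itertools import product

# Assumed parameters: 9 faces per screen, 4 screens, account locks after 3 tries.
PANEL, ROUNDS, LOCKOUT = 9, 4, 3

UNIFORM = [1 / PANEL] * PANEL
# Constructed (not measured) popularity of the 9 faces on a screen, most popular first.
SKEWED = [0.30, 0.20, 0.15, 0.10, 0.08, 0.07, 0.05, 0.03, 0.02]

def uniform_bits(panel=PANEL, rounds=ROUNDS):
    """Size of the password space in bits when every face is equally likely."""
    return rounds * math.log2(panel)

def min_entropy_bits(face_probs, rounds=ROUNDS):
    """Bits of protection against the single most likely sequence."""
    return -rounds * math.log2(max(face_probs))

def success_within(budget, face_probs, rounds=ROUNDS):
    """Fraction of accounts covered by the `budget` most likely sequences."""
    seq_probs = sorted(
        (math.prod(seq) for seq in product(face_probs, repeat=rounds)),
        reverse=True,
    )
    return sum(seq_probs[:budget])

if __name__ == "__main__":
    print(f"nominal space: {PANEL ** ROUNDS} sequences = {uniform_bits():.2f} bits")
    for name, dist in (("uniform", UNIFORM), ("skewed", SKEWED)):
        print(f"{name:8s} min-entropy {min_entropy_bits(dist):5.2f} bits, "
              f"covered within {LOCKOUT} tries: {success_within(LOCKOUT, dist):.4%}")
```

With these assumed numbers the nominal space is smaller than a 4-digit PIN, and biased selection cuts the effective strength roughly in half when measured in bits, which is the figure a lockout policy has to be sized against.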
[Image: Passfaces. Text in image: “Strong Authentication”; “The Only Fully Scalable Means to Replace or Reinforce Passwords”; “Passfaces Meets the Challenge”; “Secure and Usable”]