How do we choose and remember our secure access codes? So far biometrics, password managers, and systems like Facebook connect have not been able to guarantee the security we need. Remembering dozens of different passwords becomes a usability nightmare. 25+ years into online experience, each of us have many hard-to-remember or easy-to-guess passwords, with all the risks and frustration they imply.
We describe experiments showing how to make easy to remember codes and passwords and the system to make them, called Cue-Pin-Select. It can generate (and regenerate) passwords on the go using only the user's brain for computation. It has the advantage of creating memorable passwords, not requiring any external storage or computing device, and can be executed in less than a minute to create a new password.
This talk will summarize recent usable security work done with Ted Selker. It will start with the Cue-Pin-Select algorithm, cover an improvement we found that applies to all passphrase-based security systems, and explain some of the work currently underway to have better tools to study password schemes and human computation.
After an initial training in mathematics and informatics at ENS Paris, Nikola K. Blanchard started a PhD at IRIF, supervised by Nicolas Schabanel and Ted Selker. In 2015, they joined the Random Sample Voting Project to develop voting protocols, prevent vote selling and improve the deployment of new voting technologies, organizing multiple test elections. They recently started doing research on usability of security with Ted Selker, initially for secure voting technologies but expanding into the field of password research.
As e-democracy research requires not just security or usability but also political science, they joined the Chôros think tank and teamed up with Géza Tessényi to co-found the Public Opinion Platform,s adding the deliberation aspect needed for any e-democracy project. They are currently in the process of publishing a book on the use of randomness in political institutions.