How do we choose and remember our secure access codes? So far, biometrics, password managers, and systems like Facebook Connect have not been able to guarantee the security we need. Remembering dozens of different passwords becomes a usability nightmare. 25+ years into the online experience, each of us has many hard-to-remember or easy-to-guess passwords, with all the risks and frustration they imply.
We describe experiments showing how to make easy-to-remember codes and passwords, and the system used to make them, called Cue-Pin-Select. It can generate (and regenerate) passwords on the go using only the user's brain for computation. It creates memorable passwords, requires no external storage or computing device, and can be executed in less than a minute to create a new password.
This talk will summarize recent usable security work done with Ted Selker. It will start with the Cue-Pin-Select algorithm, cover an improvement we found that applies to all passphrase-based security systems, and explain some of the work currently underway on better tools for studying password schemes and human computation.