The need for both usable and secure authentication is more pronounced than ever before. Security researchers and professionals will need to have a deep understanding of human factors to address these issues. Due to their ubiquity, recoverability, and low barrier to entry, passwords remain the most common means of digital authentication. However, fundamental human nature dictates that it is exceedingly difficult for people to generate secure passwords on their own. System-generated random passwords can be secure but are often unusable, which is why most passwords are still created by humans. We developed a simple system for automatically generating mnemonic phrases and supporting mnemonic images for randomly generated passwords. We found that study participants remembered their passwords significantly better using our system than with existing systems. To combat shoulder surfing – looking at a user’s screen or keyboard as he or she enters sensitive input such as passwords – we developed an input masking technique that was demonstrated to minimize the threat of shoulder surfing attacks while improving the usability of password entry over existing methods. Extending this previous work to support longer passphrases will lead to advancements in the state of digital authentication.
Juang, Kevin; Greenstein, Joel; Fraune, Marlena; and Ranganayakulu, Sanjay, "Improving the Usability and Security of Digital Authentication" (2013). Graduate Research and Discovery Symposium (GRADS). 72.