Remember it Like Sherlock: Learning System-assigned Passwords in a Single Registration Session with the Methods of Cognitive Psychology
Time and Date: 3:00 PM, Wednesday, April 18, 2018
Place: 235 Weir Hall
Speaker: Dr. Taiabul Haque
Abstract: System-assigned random passwords offer security guarantees against guessing attacks but suffer from poor memorability. In this work, we review the cognitive psychology literature and identify two training methods appropriate to aid users in memorizing system-assigned passwords. The method of loci exploits users’ spatial and visual memory, while the link method helps users by creating a chain of memory cues. We developed techniques to automatically take a given random password and generate training aids (videos) based on each of these methods. The results of a memorability study showed that both methods were significantly better than a control condition (no training). We further extend this idea to help users memorize long system-assigned random passwords that offer almost crypto-level security and conduct a second memorability study. The results of this study demonstrated that the method of loci can be leveraged to help users memorize a cryptographically strong secret in just one session, and thus offers a more viable alternative to the spaced repetition technique, which involves dozens of sessions of user training.
Bio: Dr. Taiabul Haque is an Assistant Professor in the School of Computer Science and Mathematics at the University of Central Missouri. He received his Ph.D. in Computer Science from the University of Texas at Arlington (UTA), where he worked as a Research Assistant in the Information Security Lab (iSec) under the supervision of Dr. Matthew Wright. His research interests lie in the areas of Information Security and Human-Computer Interaction. He is specifically interested in exploring the underlying human factors in textual password-based authentication systems. He has contributed seven peer-reviewed publications so far in this field. He graduated with a bachelor's degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET).