Usable and Secure Password Management
March 21, 2012
ABSTRACT:
Although millions of users use passwords everyday to protect important assets (e.g., online banking, trading, commerce, email, social networks, and enterprise resources) we do not know how to create secure and usable passwords. A typical computer user today has many password protected online accounts: Amazon, eBay, PNC bank, Gmail, etc.. Informally, a password management scheme is any method for creating and retrieving each password. A typical user has to select and remember a password for over one-hundred different accounts. Many sites have vastly different password requirements: minimum length, maximum length, special characters, capitalization, etc. Intimidated by the prospect of remembering so many different passwords many users adopt an insecure password management scheme: writing down passwords, reusing passwords and picking weak (low entropy) passwords. A large scale study of password habits revealed that in 2007 a typical user had no more than 7 unique passwords and reused each password around 4 times on average. While there are many articles (and even several books) on how to generate good passwords, there is still a clear need to develop password management schemes which are usable and secure.
We are interested in password management schemes which can be implemented on ``human hardware". A good password management scheme should be usable and secure. Informally, a password management scheme is usable if a human can create and recall passwords without too much effort. We present a mathematical framework for analyzing the security of a password management scheme. In this framework a secure password management scheme must provide concrete security guarantees even against an adversary who has already learned one or more of the users passwords. Using this framework we introduce a secure password management scheme and present evidence that this password management scheme is usable.
This is joint work with Manuel Blum and Anupam Datta.
Although millions of users use passwords everyday to protect important assets (e.g., online banking, trading, commerce, email, social networks, and enterprise resources) we do not know how to create secure and usable passwords. A typical computer user today has many password protected online accounts: Amazon, eBay, PNC bank, Gmail, etc.. Informally, a password management scheme is any method for creating and retrieving each password. A typical user has to select and remember a password for over one-hundred different accounts. Many sites have vastly different password requirements: minimum length, maximum length, special characters, capitalization, etc. Intimidated by the prospect of remembering so many different passwords many users adopt an insecure password management scheme: writing down passwords, reusing passwords and picking weak (low entropy) passwords. A large scale study of password habits revealed that in 2007 a typical user had no more than 7 unique passwords and reused each password around 4 times on average. While there are many articles (and even several books) on how to generate good passwords, there is still a clear need to develop password management schemes which are usable and secure.
We are interested in password management schemes which can be implemented on ``human hardware". A good password management scheme should be usable and secure. Informally, a password management scheme is usable if a human can create and recall passwords without too much effort. We present a mathematical framework for analyzing the security of a password management scheme. In this framework a secure password management scheme must provide concrete security guarantees even against an adversary who has already learned one or more of the users passwords. Using this framework we introduce a secure password management scheme and present evidence that this password management scheme is usable.
This is joint work with Manuel Blum and Anupam Datta.