telepathwords
play

Telepathwords Preventing Weak Passwords by Reading Users Minds - PowerPoint PPT Presentation

Jun 24, 2023 •287 likes •504 views

Catalina Cumpanasoiu Erin Gibbons Telepathwords Preventing Weak Passwords by Reading Users Minds Authors: Saranga Komanduri, Richard Shay, and Lorrie Faith Cranor (Carnegie Mellon University) Cormac Herley and Stuart Schechter (Microsoft

  1. Catalina Cumpanasoiu Erin Gibbons Telepathwords Preventing Weak Passwords by Reading Users’ Minds Authors: Saranga Komanduri, Richard Shay, and Lorrie Faith Cranor (Carnegie Mellon University) Cormac Herley and Stuart Schechter (Microsoft Research)

  2. Introduction • Passwords are not going away anytime soon • Most websites use composition rules (e.g. Windows) • Some offer meters to provide feedback on the strength of user password e.g. Egelman et al. (2013): if important account, users use meter when choosing password e.g. Ur et al. (2012): users become frustrated and lose confidence in meter

  3. Introduction • Alternatives to composition rules: e.g. Wheeler(2004): zxcvbn, open-source meter using entropy calculations developed and used by DropBox e.g. Schechter et al. (2010): system prevents choosing popular passwords

  4. Framework 1. What is Telepathwords? 1. Show website 2. Prediction algorithms 1. Common character sequence 2. Keyboard movements 3. Repeated strings 4. Interleaved strings 3. Testing 1. Users response 2. Security 4. Limitations 5. Conclusion

  5. Framework 1. What is Telepathwords? 1. Show website 2. Prediction algorithms 1. Common character sequence 2. Keyboard movements 3. Repeated strings 4. Interleaved strings 3. Testing 1. Users response 2. Security 4. Limitations 5. Conclusion

  6. What is Telepathwords? weak-password-prevention system - real-time prediction of next typed character - how it looks - https://telepathwords.research.microsoft.com/ -

  7. Framework 1. What is Telepathwords? 1. Show website 2. Prediction algorithms 1. Common character sequence 2. Keyboard movements 3. Repeated strings 4. Interleaved strings 3. Testing 1. Users response 2. Security 4. Limitations 5. Conclusion

  8. Prediction Algorithms - Common character sequences • each predictor uses a trie what is a trie? • like binary trees • walk from node to node • common character sequences • come from language models and databases of common passwords the most probable letter to • come next is stored in the leftmost node

  9. Prediction Algorithms - Common character sequences table for common character substitutions (e.g. $ for s, 3 for e, 0 for o) - different windows for each prefix (note: cost of analysis increases) - detect words broken by distractor characters -

  10. Prediction Algorithms - Keyboard Movements maps characters to x and y coordinates - counts consecutive moves that are to adjacent keys -

  11. Prediction Algorithms - Repeated Strings if repetitions are adjacent guesses next character in repetition - e.g. xyabcabcabc if repetitions not adjacent assumes whatever is between the - repetitions is part of repetition as well e.g. abcdefabcdef (blue: user typed; red: guessed by program)

  12. Prediction Algorithms - Interleaved Strings splits in odd and even - runs two analyses, one for odds, one for even - e.g. phaeslslwooyrodu password helloyou

  13. Framework 1. What is Telepathwords? 1. Show website 2. Prediction algorithms 1. Common character sequence 2. Keyboard movements 3. Repeated strings 4. Interleaved strings 3. Testing 1. Users response 2. Security 4. Limitations 5. Conclusion

  14. Testing 2 versions of Telepathwords-based policy: - telepath: at least 6 char unpredicted by system - telepath-v: same as telepath but password shown by default - compared to: - basic8: at least 8 char long - 3class8: 8 char length, include 3 of 4 char classes - 3class12: 12 char length, include 3 of 4 char classes - 3class8-d: 8 char length, 3 of 4 char classes, doesn’t match any - of the 3M words in Openwall cracking dictionary

  15. Testing - User Response - More people annoyed by telepath than pure composition ones - Users believed Telepath feedback provided more insight than others - Both telepath among the treatments users considered more secure than previous password

  16. Testing - Password Security • Only considered weakest passwords • Used three metrics to score passwords: zxcvbn-entropy score: randomness score • Weir+ guess number: number of guesses to crack it • Telepathwords: number of hard to guess characters •

  17. Testing - Password Security All three metrics showed • telepath and telepath-v were substantially more secure Telepath and telepath-v had • the lowest percentages of passwords with zxcvbn- entropy scores of 20 or less

  18. Testing - Password Security • Security principle: psychological acceptability • Tested user recall of passwords a few days later

  19. Framework 1. What is Telepathwords? 1. Show website 2. Prediction algorithms 1. Common character sequence 2. Keyboard movements 3. Repeated strings 4. Interleaved strings 3. Testing 1. Users response 2. Security 4. Limitations 5. Conclusion

  20. Limitations System limitations: - US-centered language corpus (somewhat dated too) - can’t detect reversed sequences characters - privacy policy prevents growth of language corpus Testing limitations: - role-play scenario might not reflect reality - user recall tested after a short period

  21. Conclusion - Telepathwords provides users with significantly more insight into quality of their passwords - Results in passwords stronger than approaches that do not use dictionaries - To crack 1% of Telepathwords passwords, need 1000+ more guesses than default password policies passwords

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
An A rchitectural T emplate for Parallel Loops and Sections Symposium on Software Performance

An A rchitectural T emplate for Parallel Loops and Sections Symposium on Software Performance

An A rchitectural T emplate for Parallel Loops and Sections Symposium on Software Performance 2018 Markus Frank & Alireza Hakamian The Problem with Palladio and Parallelism Manual Modelling Overhead Performance Inaccurate Model

821 views • 19 slides
2.11. The Maximum of n Random Variables 3.4. Hypothesis Testing 5.4. Long Repeats of the Same

2.11. The Maximum of n Random Variables 3.4. Hypothesis Testing 5.4. Long Repeats of the Same

2.11. The Maximum of n Random Variables 3.4. Hypothesis Testing 5.4. Long Repeats of the Same Nucleotide Prof. Tesler Math 283 Fall 2018 Prof. Tesler Max of n Variables & Long Repeats Math 283 / Fall 2018 1 / 24 Maximum of two rolls of

483 views • 24 slides
Cardinality of a Set We use three different notations for the number of elements in a finite set:

Cardinality of a Set We use three different notations for the number of elements in a finite set:

Cardinality of a Set We use three different notations for the number of elements in a finite set: Alan H. SteinUniversity of Connecticut Cardinality of a Set We use three different notations for the number of elements in a finite set: n (

1.19k views • 56 slides
JUST THE MATHS SLIDES NUMBER 2.1 SERIES 1 (Elementary progressions and series) by

JUST THE MATHS SLIDES NUMBER 2.1 SERIES 1 (Elementary progressions and series) by

JUST THE MATHS SLIDES NUMBER 2.1 SERIES 1 (Elementary progressions and series) by A.J.Hobson 2.1.1 Arithmetic progressions 2.1.2 Arithmetic series 2.1.3 Geometric progressions 2.1.4 Geometric series 2.1.5 More general progressions

355 views • 17 slides
Automatic Algorithm Configuration based on Local Search Frank Hutter 1 Holger Hoos 1 utzle 2

Automatic Algorithm Configuration based on Local Search Frank Hutter 1 Holger Hoos 1 utzle 2

Automatic Algorithm Configuration based on Local Search Frank Hutter 1 Holger Hoos 1 utzle 2 Thomas St 1 Department of Computer Science University of British Columbia Canada 2 IRIDIA Universit e Libre de Bruxelles Belgium Real-world

835 views • 59 slides
Unique perfect matchings, structure from acyclicity and proof nets LIPN, Universit Paris 13

Unique perfect matchings, structure from acyclicity and proof nets LIPN, Universit Paris 13

Unique perfect matchings, structure from acyclicity and proof nets LIPN, Universit Paris 13 Computational Logic and Applications, Versailles, July 2nd, 2019 1/19 Nguyn L Thnh Dng (a.k.a. Tito) nltd@nguyentito.eu Perfect matchings

576 views • 42 slides
Reasoning about data repetitions with counter systems S. Demri Joint work with D. Figueira and

Reasoning about data repetitions with counter systems S. Demri Joint work with D. Figueira and

Reasoning about data repetitions with counter systems S. Demri Joint work with D. Figueira and M. Praveen Workshop LIA INFINIS, IRIF, Nov. 2016 Logics for Data Words A fundamental model: data words Timed words [Alur & Dill, TCS 94] a

486 views • 24 slides
Graph analysis of fragmented long-read bacterial genome assemblies Introduction Assembly of 3rd

Graph analysis of fragmented long-read bacterial genome assemblies Introduction Assembly of 3rd

Pierre Marijon, Rayan Chikhi, Jean-Stphane Varr Inria, University of Lille Graph analysis of fragmented long-read bacterial genome assemblies Introduction Assembly of 3rd generation sequencing data - requires correction (not my problem

287 views • 28 slides
Stat 5101 Lecture Slides Deck 1 Charles J. Geyer School of Statistics University of Minnesota

Stat 5101 Lecture Slides Deck 1 Charles J. Geyer School of Statistics University of Minnesota

Stat 5101 Lecture Slides Deck 1 Charles J. Geyer School of Statistics University of Minnesota 1 Sets In mathematics, a set is a collection of objects thought of as one thing. The objects in the set are called its elements . The notation x

1.89k views • 123 slides
qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University

qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University

qPCR in forensic DNA analysis Johannes Hedman Researcher, Applied Microbiology, Lund University Specialist, Swedish National Laboratory of Forensic Science Forensic science Every contact leaves a trace Edmond Locard (1877 1966) Forensic

1.32k views • 78 slides
Branching Immediate Observation Petri Nets A strong class with simple reachability Chana

Branching Immediate Observation Petri Nets A strong class with simple reachability Chana

INFINITY Workshop July 7th, 2020 Branching Immediate Observation Petri Nets A strong class with simple reachability Chana Weil-Kennedy joint work with Javier Esparza and Mikhail Raskin The project has received funding from the European Research

1.37k views • 99 slides
Combinatorics on Words through the Word-Equations-lens Florin Manea Georg-August-Universitt

Combinatorics on Words through the Word-Equations-lens Florin Manea Georg-August-Universitt

Combinatorics on Words through the Word-Equations-lens Florin Manea Georg-August-Universitt Gttingen LMW 2020, 6.7.2020 Combinatorics on Words Combinatorics on Words... Wikipedia: Combinatorics on words is a fairly new field of

1.38k views • 125 slides
Introduction to Machine Learning Evaluation: Resampling compstat-lmu.github.io/lecture_i2ml

Introduction to Machine Learning Evaluation: Resampling compstat-lmu.github.io/lecture_i2ml

Introduction to Machine Learning Evaluation: Resampling compstat-lmu.github.io/lecture_i2ml RESAMPLING Aim: Assess the performance of learning algorithm. Make training sets large (to keep the pessimistic bias small), and reduce variance

778 views • 10 slides
S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology What is S CATTER C ACHE ? www.tugraz.at Alternative design for n-way

460 views • 27 slides
An Annotated ed Examp mples es and Parame meter erized ed Exerci cises: Analyzing

An Annotated ed Examp mples es and Parame meter erized ed Exerci cises: Analyzing

An Annotated ed Examp mples es and Parame meter erized ed Exerci cises: Analyzing Students' Behavior Patterns Mehrdad Mirzaei 1 Shaghayegh Sahebi 1 Peter Brusilovsky 2 1 Department of Computer Science, University at Albany - SUNY, Albany,

363 views • 23 slides
QUADRATIC STRUCTURES IN SURGERY THEORY Andrew Ranicki (Edinburgh) ICMS, 5th July, 2006 The

QUADRATIC STRUCTURES IN SURGERY THEORY Andrew Ranicki (Edinburgh) ICMS, 5th July, 2006 The

1 QUADRATIC STRUCTURES IN SURGERY THEORY Andrew Ranicki (Edinburgh) ICMS, 5th July, 2006 The chain complex theory offers many advantages . . . a simple and satisfactory algebraic version of the whole setup. I hope it can be made to work.

650 views • 27 slides
Ria Vergara-Lluri Resident, PGY-4 David Geffen School of Medicine at UCLA Submission to Los

Ria Vergara-Lluri Resident, PGY-4 David Geffen School of Medicine at UCLA Submission to Los

Ria Vergara-Lluri Resident, PGY-4 David Geffen School of Medicine at UCLA Submission to Los Angeles Society of Pathology (LASOP) Resident and Fellow Symposium 2012 Pertinent history and symptoms 43 year old woman presented in 2011 with

649 views • 15 slides
Prognostic molecular models in early-stage lung cancer 14 th Annual Winter Lung Cancer Conference

Prognostic molecular models in early-stage lung cancer 14 th Annual Winter Lung Cancer Conference

Prognostic molecular models in early-stage lung cancer 14 th Annual Winter Lung Cancer Conference Miami, Feb 12 2017 Eric Vallires MD FRCSC Medical Director Division of Thoracic Surgery Swedish Cancer Institute Seattle, WA CASE I: AC OR

610 views • 26 slides
Prepared by: Patricia Carroll, RN-BC, RRT, MS Atrium University Dean Adjunct Professor,

Prepared by: Patricia Carroll, RN-BC, RRT, MS Atrium University Dean Adjunct Professor,

Prepared by: Patricia Carroll, RN-BC, RRT, MS Atrium University Dean Adjunct Professor, Excelsior College This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. Nurse's Notebook, LLC

413 views • 17 slides
guideline concordance

guideline concordance

Using population bases staging data to inform cancer resource allocation cancer screening and treatment guideline concordance

382 views • 22 slides
MITRAL (Mitral Implanta1on of TRAnscatheter vaLves) 30-Day Outcomes of Transcatheter MV

MITRAL (Mitral Implanta1on of TRAnscatheter vaLves) 30-Day Outcomes of Transcatheter MV

MITRAL (Mitral Implanta1on of TRAnscatheter vaLves) 30-Day Outcomes of Transcatheter MV Replacement in Pa1ents With Severe Mitral Valve Disease Secondary to Mitral Annular Calcifica1on or Failed Annuloplasty Rings Mayra Guerrero, MD, FACC, FSCAI

441 views • 26 slides
DNA Ends: Just the Beginning Nobel Lecture Dec. 7, 2009 Jack W. Szostak HHMI, MGH, HMS Two

DNA Ends: Just the Beginning Nobel Lecture Dec. 7, 2009 Jack W. Szostak HHMI, MGH, HMS Two

DNA Ends: Just the Beginning Nobel Lecture Dec. 7, 2009 Jack W. Szostak HHMI, MGH, HMS Two Telomere Problems: 1. DNA ends are reactive 2. Incomplete Replication Telomeres have been known to be special since the 1930s McClintock, Genetics

615 views • 39 slides
Dams in Oregon: impacts, opportunities and future directions Rose Wallick Chauncey Anderson,

Dams in Oregon: impacts, opportunities and future directions Rose Wallick Chauncey Anderson,

Dams in Oregon: impacts, opportunities and future directions Rose Wallick Chauncey Anderson, Stewart Rounds, Mackenzie Keith, Krista Jones USGS Oregon Water Science Center U.S. Department of the Interior U.S. Department of the Interior U.S.

872 views • 51 slides

More recommend