Modeling Aggregate Security with User Agents that Employ Password Memorization Techniques

Publication Type: Conference Paper
Year of Publication: 2017
Authors: Christopher Novak (Dartmouth College); Jim Blythe (University of Southern California); Ross Koppel (University of Southern California); Vijay Kothari (Dartmouth College); Sean Smith (Dartmouth College)
Conference Name: Symposium On Usable Privacy and Security (SOUPS 2017)
Conference Location: Santa Clara, CA
Keywords: Science of Human Circumvention of Security, science of security

We discuss our ongoing work with an agent-based password simulation which models how site-enforced password requirements affect aggregate security when people interact with multiple authentication systems. We model two password memorization techniques: passphrase generation and spaced repetition. Our simulation suggests system-generated passphrases lead to lower aggregate security across services that enforce even moderate password requirements. Furthermore, allowing users to expand their password length over time via spaced repetition increases aggregate security.
