Fastwords - Rethinking Passwords to Adapt to Constrained Keyboards
Date: June 2011 Publication: Passwords^11 (Passwords11) Source 1: http://www.markus-jakobsson.com/fastwords.pdf Source 2: http://mostconf.org/2012/papers/5.pdf Abstract or Summary:
We describe and analyze a variant of the traditional password scheme. This is designed to take advantage of standard error-correcting methods of the types used to facilitate text entry on handsets. We call the new approach fastwords to emphasize their primary feature compared to regular passwords: They are between two and three times faster to enter on both full-size and mobile keyboards. This is supported by user studies reported on herein. Furthermore, these user studies show that fastwords also have considerably greater entropy than passwords, and that their recall rates are dramatically higher than that of passwords and PINs. The new structure permits a memory jogging technique in which a portion of the fastword is revealed to a user who has forgotten it. We show that this results in boosted re-call rates, while maintaining a security above that of traditional passwords. We also introduce the notion of equivalence classes – whether based on semantics or pronunciation – and describe uses, including voice-based authentication. The new technology does not need any client-side modification. full-size and mobile keyboards. This is supported by user studies reported on herein. Furthermore, these user studies show that Fastwords also have considerably greater entropy than passwords, and that their recall rates are dramatically higher than that of passwords and PINs. The new structure permits a memory jogging technique in which a portion of the Fastword is revealed to a user who has forgotten it. We show that this results in boosted re-call rates, while maintaining a security above that of traditional passwords. We also introduce the notion of equivalence classes – whether based on semantics or pronunciation – and describe uses, including voice-based authentication. The new technology does not need any client-side modification. PasswordResearch.com Note: This paper was originally presented at the Mobile Security Technologies (MoST 2012) conference in May 2012. Video of presentation: https://www.youtube.com/watch?v=cyr-fKaVoxk
Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |