Digital Objects as Passwords

HotSec 2008 - 3rd USENIX Workshop on Hot Topics in Security

Volumn , Issue , 2008, Pages

  Mannan, Mohammad ^a   Van Oorschot, P C ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

ENTROPY;

DIGITAL OBJECTS; HIGH QUALITY; OBJECT BASED; PASSWORD SCHEMES; RESEARCH COMMUNITIES; SECURITY AND USABILITIES; STRONG PASSWORD; WEB AUTHENTICATION;

AUTHENTICATION;

EID: 84865024945     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. W. Cheswick. Johnny can obfuscate; beyond mothers maiden name. In USENIX Workshop on Hot Top- ics in Security (HotSec'06), Vancouver, BC, Canada, July 2006.
2. C. M. Ellison, C. Hall, R. Milbert, and B. Schneier. Protecting secret keys with personal entropy. Future Generation Computer Systems, 16(4), Feb. 2000.
3. D. Florêncio and C. Herley. A large-scale study of web password habits. In World Wide Web Conference (WWW2007), Banff, Alberta, Canada, May 2007.
4. D. Florêncio, C. Herley, and B. Coskun. Do strong web passwords accomplish anything? In USENIX Workshop on Hot Topics in Security (HotSec'07), Boston, MA, USA, Aug. 2007.
5. A. Forget, S. Chiasson, P. van Oorschot, and R. Bid- dle. Improving text passwords through persua- sion. In Symposium on Usable Privacy and Security (SOUPS'08), Pittsburgh, PA, USA, July 2008.
6. S. Furnell. Authenticating ourselves: will we ever es- cape the password? Network Security, 2005(3).
7. V. Griffith and M. Jakobsson. Messin' with Texas, deriving mother's maiden names using public records. In Applied Cryptography and Network Secu- rity (ACNS'05), New York, NY, USA, June 2005.
8. S. Halevi and H. Krawczyk. Public-key cryptography and password protocols. ACM Trans. on Information and System Security (TISSEC), 2(3), Aug. 1999.
9. N. Haller. The S/KEY one-time password system. In Symposium on Network and Distributed System Secu- rity (NDSS), San Diego, CA, USA, Feb. 1994.
10. C. Kuo, S. Romanosky, and L. F. Cranor. Human se- lection of mnemonic phrase-based passwords. In Sym- posium On Usable Privacy and Security (SOUPS'06), Pittsburgh, PA, USA, July 2006.
11. MacDevCenter.com. How Paris got hacked? News article (Feb. 22, 2005), http://www.macdevcenter. com/pub/a/mac/2005/01/01/paris.html.
12. D. McDonald. A convention for human-readable 128- bit keys, Dec. 1994. RFC 1751 (Informational). http: //www.ietf.org/rfc/rfc1751.txt.
13. Microsoft. Strong passwords: How to create and use them. Online article (Mar. 22, 2006). http://www.microsoft.com/protect/yourself/ password/create.mspx.
14. R. Morris and K. Thompson. Password security: A case history. Communications of the ACM, 22(11), Nov. 1979.
15. OpenWall.com. John the Ripper password cracker. http://www.openwall.com/john/.
16. A. S. Patrick. Monitoring corporate password sharing using social network analysis. In International Sunbelt Social Network Conference, St. Pete Beach, Florida, USA, Jan. 2008.
17. A. Rabkin. Personal knowledge questions for fallback authentication. In Symp. on Usable Privacy and Se- curity (SOUPS'08), Pittsburgh, PA, USA, July 2008.
18. D. Ramsbrock, R. Berthier, and M. Cukier. Pro- filing attacker behavior following SSH compromises. In IEEE/IFIP Dependable Systems and Networks (DSN'07), Edinburgh, UK, June 2007.
19. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. C. Mitchell. Stronger password authentication using browser extensions. In USENIX Security Symposium, Baltimore, MD, USA, 2005.
20. B. Schneier. The curse of the secret question. Blog post (Feb. 11, 2005), http://www.schneier.com/ blog/archives/2005/02/the curse of th.html.
21. B. Schneier. Real-world passwords. Analysis of 34, 000 MySpace.com userid-password pairs. Blog post (Dec. 14, 2006). http://www.schneier.com/blog/ archives/2006/12/realworld passw.html.
22. R. E. Smith. The strong password dilemma. Chapter 6 in "Authentication: From Passwords to Public Keys", Addison-Wesley, 2002. Excerpt available at http://www.cryptosmith.com/sanity/ pwdilemma.html.
23. X. Suo and Y. Zhu. Graphical passwords: A survey. In Annual Computer Security Applications Conference (ACSAC'05), Tucson, AZ, USA, Dec. 2005.
24. D. Weirich and M. A. Sasse. Pretty good persua- sion: A first step towards effective password security in the real world. In New Security Paradigms Work- shop (NSPW), Cloudcroft, NM, USA, Sept. 2001.
25. T. Wu. A real-world analysis of Kerberos password security. In Network and Distributed System Security Symp. (NDSS'99), San Diego, CA, USA, Feb. 1999.
26. J. Yan, A. Blackwell, R. Anderson, and A. Grant. Password memorability and security: Empirical re- sults. IEEE Security & Privacy, 2(5), Sept.-Oct. 2004.
27. J. J. Yan. A note on proactive password checking. In New Security Paradigms Workshop (NSPW), Cloud- croft, NM, USA, Sept. 2001.
28. M. Zviran and W. J. Haga. Cognitive passwords: The key to easy access control. Computers & Security, 9(8), Dec. 1990.