Abstract
Shared Cues is a password management system proposed by Blocki, Blum and Datta at Asiacrypt 2013. Unlike the majority of password management systems, Shared Cues never stores passwords, not even on the management device. The idea of the Shared Cues system is to help users choose and remember passwords in a manner proven to resist brute force searching under reasonable assumptions.
Blocki et al. analysed Shared Cues theoretically but did not describe any practical tests. We report on the design and implementation of an iOS application based on Shared Cues, which we call PassCue. This enables us to consider the practicality of Shared Cues in the real world and to address important issues of user interface, parameter choices and applicability on popular web sites. PassCue demonstrates that the Shared Cues password management system is usable and secure in practice as well as in theory.
References
Anderson, J.R., Matessa, M., Lebiere, C.: ACT-R: a theory of higher level cognition and its relation to visual attention. Hum. Comput. Interact. 12(4), 439–462 (1997)
Anderson, J.R., Schooler, L.J.: Reflections of the environment in memory. Psychol. Sci. 2(6), 396–408 (1991)
Baddeley, A.D.: Human Memory: Theory and Practice. Lawrence Erlbaum Associates, Hove (1990)
Blocki, J., Blum, M., Datta, A.: Naturally rehearsing passwords. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 361–380. Springer, Heidelberg (2013)
Bryant, M.: Amazon EC2 GPU HVM spot instance password cracking - hashcat setup tutorial (2013). http://thehackerblog.com/amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/#more-576. Accessed 26 April 2014
Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: NDSS. The Internet Society (2012)
Danescu-Niculescu-Mizil, C., Cheng, J., Kleinberg, J.M., Lee, L.: You had me at hello: How phrasing affects memorability. CoRR, abs/1203.6360 (2012)
Defuse: Password policy hall of shame. https://defuse.ca/password-policy-hall-of-shame.htm. Accessed 10 March 2014
Dell’Amico, M., Michiardi, P., Roudier, Y.: Password strength: an empirical analysis. In: Proceedings of the 29th Conference on Information Communications, INFOCOM 2010, pp. 983–991. IEEE Press (2010)
Dunham, A.: Password cracking on amazon EC2 (2013). http://du.nham.ca/blog/posts/2013/03/08/password-cracking-on-amazon-ec2/. Accessed 26 April 2014
Wildenhain, A., et al.: Comparison of usability and security of password creation schemes (2012). https://www.cs.cmu.edu/~jblocki/Anne_Wildenhain_2012.htm. Accessed 07 February 2014
Foer, J.: Moonwalking with Einstein: The Art and Science of Remembering Everything. Penguin Books Limited, New York (2011)
Google: Creating a strong password (2013). https://support.google.com/accounts/answer/32040?hl=en. Accessed 26 April 2014
Johnson, G.J.: A distinctiveness model of serial learning. Psychol. Rev. 98(2), 204–217 (1999)
Johnston, C.: Why your password can’t have symbols–or be longer than 16 characters (2013). http://arstechnica.com/security/2013/04/why-your-password-cant-have-symbols-or-be-longer-than-16-characters/. Accessed 11 March 2014
Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 523–537, May 2012
Kohonen, T.: Associative Memory: A System-Theoretical Approach. Springer, Berlin (1977)
Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2011, New York, NY, USA, pp. 2595–2604. ACM (2011)
LinkedIn: An update on LinkedIn member passwords compromised (2012). http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/. Accessed 16 February 2014
Miller, G.A.: The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol. Rev. 63(2), 81–97 (1956)
Sandvoll, M.: Design and analysis of a password management system. Masters thesis, NTNU (2014)
Smith, R.E.: The strong password dilemma. Comput. Secur. J. 18(2), 31–38 (2002)
Squire, L.R.: On the course of forgetting in very long-term-memory. J. Exp. Psychol. Learn. 15(2), 241–245 (1989)
The Verge: Evernote resets all passwords after user information is stolen in security breach (2013). http://www.theverge.com/2013/3/2/4056704/evernote-password-reset. Accessed 16 February 2014
Willshaw, D.J., Buckingham, J.T.: An assessment of Marr's theory of the hippocampus as a temporary memory store. Philos. Trans. R. Soc. Lond. B. Biol. Sci. 329(1253), 205–215 (1990)
Woźniak, P.A., Gorzelańczyk, E.J.: Optimization of repetition spacing in the practice of learning. Acta Neurobiol. Exp. 54(1), 59–62 (1994)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004)
A PassCue
The public pictures in the following example figures are taken by the author and used with persons’ permission. The private action and objects pictures are used with permission from morguefile.com.
Figure 3 shows the application screens for the initialization process. Initialization is only required the first time the application is launched. The user selects a background image and a person image for each of the nine required cues. The user is able to select pictures from the photo library or from downloaded images. When the user pushes the Select Background Image button, an image picker screen is displayed and the user can select the appropriate picture. The user can quit the application in order to obtain the images or take them with the camera on the phone. The cue pictures are saved within the application's document directory, and the path is saved in the database, so deleting the images from the photo library afterwards does not affect the application. In this example the user selects a picture of the trampoline in his garden and a picture of his grandmother as the first cue.
When the user has selected images for all nine cues, the top left screen in Fig. 4 is displayed. The user can add an account by pushing the + button. The user must select an account name and may write account notes if desired. As we saw in Sect. 2.3, many sites put restrictions on password selection in order to force the user to select a strong password. In this case, for the Gmail account, Google recommends using a mix of letters, numbers and symbols in the password [13]. The user inputs “23&.” in the account notes field and will use this when deriving the password. The account notes are displayed in plaintext and are assumed to be accessible to an attacker. How this affects the security is explained in Sect. 5.2.
When the Next button is pushed, the first cue and its randomly selected association are displayed. In the example in Fig. 4 the user must imagine the following setting: “My grandmother is surfing a banana on the trampoline”. Surfing and banana are the private part of the cue and are never displayed again after cue initialization; they will be used to create the password. The public pictures of the user’s grandmother and his trampoline will later be used to trigger the association of surfing and banana from the user’s associative memory. In cue two the user must reflect on the following story: “My mother is presenting a dog on the toilet”. Cue three gives the following story: “My father is drawing a bunny in the garden”. In cue four the user must imagine the following: “My sister is inspecting a gift in the hallway”.
Once the user presses the Done button in part 4, a warning message alerts the user that the associations are non-retrievable after this step. A rehearsal schedule is created for cues 1, 2, 3 and 4. This is done to ensure that the user does not forget the actions and objects associated with the cues.
Figure 5 shows how PassCue can be used to log in to a system. In this example, PassCue holds two accounts, Gmail and PayPal. To log in to the Gmail account, the user selects the Gmail account, and the account cues and notes are displayed. The user uses the cues to retrieve the associations from associative memory. The user must ask himself “What did my grandmother do on the trampoline?” and should remember that she was indeed “surfing a banana!”. The next cue retrieves the association presenting and dog. Cue three reveals that “My father was drawing a bunny in the garden”. The last cue was “My sister is inspecting a gift in the hallway”.
In this example the user always uses the account notes as the first part of the password, followed by the first three letters of each action and object, with a capital first letter for all the action-derived letters. The password for Gmail will be “23&.SurbanPredogDrabunInsgif”. The user must press the LoggedIn button for the rehearsal schedule to be updated. Once LoggedIn is pressed, the application calculates a new rehearsal time for the involved cues according to the rehearsal schedule.
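The derivation rule used in this example (public account notes first, then the first three letters of each cue's action and object, with the action letters capitalised) is simple enough to state as code. The following is an added illustration, not code from the PassCue application or from the paper's authors; the `Cue`, `Account`, `derive_password` and `search_space` names are our own, and the cue words and the Gmail account are the paper's worked example re-entered as sample input. `search_space` goes slightly beyond the text: it makes explicit that, because the notes are public, only the secret action/object pairs contribute to an attacker's search space, and the list sizes passed to it are assumptions, not parameters from the paper.

```python
"""Added example: deriving a Shared Cues password as PassCue's appendix
describes it. Not the PassCue app's own code; all data is constructed
from the paper's worked example."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Cue:
    """One association. The person and scene pictures are public and only
    serve as retrieval hints; the action and object are the secret part and
    are never shown again after initialization."""
    person: str
    scene: str
    action: str
    obj: str

    def story(self) -> str:
        # The sentence the user is asked to imagine during initialization.
        return f"My {self.person} is {self.action} a {self.obj} {self.scene}"


@dataclass(frozen=True)
class Account:
    name: str
    cue_indices: tuple   # 1-based indices into the user's cue list
    notes: str = ""      # shown in plaintext; assumed known to an attacker


def derive_password(cues, account: Account, letters: int = 3) -> str:
    """Notes first, then for each assigned cue the first `letters` letters of
    the action (capitalised) and of the object (lowercase), in cue order."""
    parts = [account.notes]
    for idx in account.cue_indices:
        cue = cues[idx - 1]
        parts.append(cue.action[:letters].capitalize())
        parts.append(cue.obj[:letters].lower())
    return "".join(parts)


def search_space(num_cues: int, num_actions: int, num_objects: int) -> int:
    """Number of candidate secrets an attacker who already knows the notes
    and the derivation rule must try: one (action, object) pair per cue.
    The list sizes are assumptions supplied by the caller."""
    return (num_actions * num_objects) ** num_cues


# Constructed sample input: the four cues from the paper's example.
EXAMPLE_CUES = [
    Cue("grandmother", "on the trampoline", "surfing", "banana"),
    Cue("mother", "on the toilet", "presenting", "dog"),
    Cue("father", "in the garden", "drawing", "bunny"),
    Cue("sister", "in the hallway", "inspecting", "gift"),
]

# The Gmail account uses cues 1-4 and the public notes "23&.".
GMAIL = Account(name="Gmail", cue_indices=(1, 2, 3, 4), notes="23&.")


if __name__ == "__main__":
    for cue in EXAMPLE_CUES:
        print(cue.story())
    print(derive_password(EXAMPLE_CUES, GMAIL))   # 23&.SurbanPredogDrabunInsgif
    # Assumed list sizes of 100 actions and 100 objects, purely illustrative.
    print(search_space(len(GMAIL.cue_indices), 100, 100))
```

Changing `letters` or the capitalisation rule changes every derived password, so in a real deployment the rule must be fixed before any account is created; the notes field is the only per-account variation the scheme intends.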
© 2015 Springer International Publishing Switzerland
Sandvoll, M., Boyd, C., Larsen, B.B. (2015). PassCue: The Shared Cues System in Practice. In: Mjølsnes, S. (eds) Technology and Practice of Passwords. PASSWORDS 2014. Lecture Notes in Computer Science(), vol 9393. Springer, Cham. https://doi.org/10.1007/978-3-319-24192-0_8
DOI: https://doi.org/10.1007/978-3-319-24192-0_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24191-3
Online ISBN: 978-3-319-24192-0