Check out the new USENIX Web site. next up previous
Next: Memorability based on simple Up: Security of the DAS Previous: The Size of the

Modeling User Choice

 

We assume that the reason that users choose from such a small subset of textual passwords is that the passwords in that set are more memorable than those outside it. That lack of imagination on the part of the user is not the cause for the lack of variety is supported by the fact that system-generated passwords have been so unsuccessful [2]. By making the same assumption about DAS passwords, we can ``reduce'' our task to that of modeling the set of ``memorable'' graphical passwords. If we can show that this set, or some subset of it, has cardinality larger than the dictionary of textual passwords from which users typically choose, we can plausibly claim that as far as information content goes, DAS is more secure than conventional textual password schemes. Here, we identify two such subsets using different criteria of memorability, and show that the cardinalities of these sets do indeed satisfy the above criterion.

What constitutes a memorable password? In the textual case, one obvious component is semantic content. If the sequence of characters has a meaning for the user, the password is more likely to be memorable [18,27,6]. This semantic definition is extremely hard, if not impossible, to characterize in the abstract. It is only because the semantic content of many character combinations has been established by the common use of a written language that we can talk about such content at all. In the DAS scheme, there are obvious password components that have meaning, but it is impossible a priori to identify exactly which passwords will have semantic content, and to how many users, precisely because it is not a representation with meanings established by common use.



 
next up previous
Next: Memorability based on simple Up: Security of the DAS Previous: The Size of the