Advisor: Amy Csizmar Dalal, W/S
Few phrases raise as much dread in the digital world as "Please select a secure password for this site." No doubt you've encountered this prompt and start to panic. Ok, at least 8 letters, one of which has to be a capital letter, plus at least one number and one symbol, but not a punctuation mark, ...
You know you're not supposed to use the same passwords across multiple sites. But how are you going to remember this one? You have like a zillion passwords. It can't hurt to reuse this password just this once, right?
Maybe you should use a password manager. But what if you forget that password? Should that password be easy to remember, or is that asking for trouble? Or maybe biometrics will save us? Except that biometrics can't be used in every situation. (And you have vague memories of a Mythbusters episode where they defeated a biometric scanner several different ways...)
Passwords are a fact of life, and one that's not going anywhere anytime soon. But passwords have a fundamental conflict: they can be secure, or they can be user-friendly. User-friendly passwords, those that are easy to remember, are often not secure. Secure passwords, those that follow best practices, are not at all user-friendly.
It turns out that there has been quite a bit of research into the "user-friendly passwords" space. And in fact, there are canonical papers on what makes a password user friendly and on how to achieve user friendliness. The question is: if there’s been so much research, why are passwords still largely, well, unusable? In particular, have those canonical papers really stood the test of time? These are the questions you’ll explore in this project
In this project you will explore existing approaches to designing and implementing user-friendly passwords. In particular, you will do the following:
My intent is that the team will select 2-3 canonical papers and work in small groups to implement and test them.
Courses that may be useful include Computer Security and Human-Computer Interaction, but neither of these are required for this project.
We will spend the first couple of weeks exploring the canonical literature, but in the meantime, here are a few papers that give you a taste of the field.