Open dbosk opened 8 years ago
The annual Passwords conference.
There is a list of publications related to passwords (or authentication in general) here.
The following are interesting:
```bibtex
@inproceedings{das2014tangled,
  title     = {The Tangled Web of Password Reuse.},
  author    = {Das, Anupam and Bonneau, Joseph and Caesar, Matthew and Borisov, Nikita and Wang, XiaoFeng},
  booktitle = {NDSS},
  volume    = {14},
  pages     = {23--26},
  year      = {2014}
}

@article{castelluccia2013privacy,
  title   = {When privacy meets security: Leveraging personal information for password cracking},
  author  = {Castelluccia, Claude and Chaabane, Abdelberi and D{\"u}rmuth, Markus and Perito, Daniele},
  journal = {arXiv preprint arXiv:1304.6584},
  year    = {2013}
}

@inproceedings{kelley2012guess,
  title        = {Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms},
  author       = {Kelley, Patrick Gage and Komanduri, Saranga and Mazurek, Michelle L and Shay, Richard and Vidas, Timothy and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Lopez, Julio},
  booktitle    = {Security and Privacy (SP), 2012 IEEE Symposium on},
  pages        = {523--537},
  year         = {2012},
  organization = {IEEE}
}

@inproceedings{mazurek2013measuring,
  title        = {Measuring password guessability for an entire university},
  author       = {Mazurek, Michelle L and Komanduri, Saranga and Vidas, Timothy and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith and Kelley, Patrick Gage and Shay, Richard and Ur, Blase},
  booktitle    = {Proceedings of the 2013 ACM SIGSAC conference on Computer \& communications security},
  pages        = {173--186},
  year         = {2013},
  organization = {ACM}
}

@inproceedings{shay2010encountering,
  title        = {Encountering stronger password requirements: user attitudes and behaviors},
  author       = {Shay, Richard and Komanduri, Saranga and Kelley, Patrick Gage and Leon, Pedro Giovanni and Mazurek, Michelle L and Bauer, Lujo and Christin, Nicolas and Cranor, Lorrie Faith},
  booktitle    = {Proceedings of the Sixth Symposium on Usable Privacy and Security},
  pages        = {2},
  year         = {2010},
  organization = {ACM}
}

@inproceedings{florencio2007large,
  title        = {A large-scale study of web password habits},
  author       = {Florencio, Dinei and Herley, Cormac},
  booktitle    = {Proceedings of the 16th international conference on World Wide Web},
  pages        = {657--666},
  year         = {2007},
  organization = {ACM}
}

@inproceedings{gaw2006password,
  title        = {Password management strategies for online accounts},
  author       = {Gaw, Shirley and Felten, Edward W},
  booktitle    = {Proceedings of the second symposium on Usable privacy and security},
  pages        = {44--55},
  year         = {2006},
  organization = {ACM}
}

@inproceedings{stobert2014password,
  title     = {The password life cycle: user behaviour in managing passwords},
  author    = {Stobert, Elizabeth and Biddle, Robert},
  booktitle = {Proc. SOUPS},
  year      = {2014}
}

@inproceedings{weir2010testing,
  title        = {Testing metrics for password creation policies by attacking large sets of revealed passwords},
  author       = {Weir, Matt and Aggarwal, Sudhir and Collins, Michael and Stern, Henry},
  booktitle    = {Proceedings of the 17th ACM conference on Computer and communications security},
  pages        = {162--175},
  year         = {2010},
  organization = {ACM}
}

@inproceedings{florencio2010security,
  title        = {Where do security policies come from?},
  author       = {Flor{\^e}ncio, Dinei and Herley, Cormac},
  booktitle    = {Proceedings of the Sixth Symposium on Usable Privacy and Security},
  pages        = {10},
  year         = {2010},
  organization = {ACM}
}
```
Specifically kelley2012guess.
NIST Electronic Authentication Guideline: http://dx.doi.org/10.6028/NIST.SP.800-63-2
The article "On the Privacy Impacts of Publicly Leaked Password Databases" provides an interesting aspect of passwords too.
```bibtex
@inproceedings{DBLP:conf/dimva/HeenN17,
  author    = {Olivier Heen and
               Christoph Neumann},
  title     = {On the Privacy Impacts of Publicly Leaked Password Databases},
  booktitle = {Detection of Intrusions and Malware, and Vulnerability Assessment
               - 14th International Conference, {DIMVA} 2017, Bonn, Germany, July
               6-7, 2017, Proceedings},
  pages     = {347--365},
  year      = {2017},
  crossref  = {DBLP:conf/dimva/2017},
  url       = {https://doi.org/10.1007/978-3-319-60876-1_16},
  doi       = {10.1007/978-3-319-60876-1_16},
  timestamp = {Tue, 27 Jun 2017 15:32:28 +0200},
  biburl    = {http://dblp.uni-trier.de/rec/bib/conf/dimva/HeenN17},
  bibsource = {dblp computer science bibliography, http://dblp.org}
}
```
https://arxiv.org/abs/1709.00440
```bibtex
@ARTICLE{2017arXiv170900440H,
  author        = {{Hitaj}, B. and {Gasti}, P. and {Ateniese}, G. and {Perez-Cruz}, F.},
  title         = "{PassGAN: A Deep Learning Approach for Password Guessing}",
  journal       = {ArXiv e-prints},
  archivePrefix = "arXiv",
  eprint        = {1709.00440},
  primaryClass  = "cs.CR",
  keywords      = {Computer Science - Cryptography and Security, Computer Science - Learning, Statistics - Machine Learning},
  year          = 2017,
  month         = sep,
  adsurl        = {http://adsabs.harvard.edu/abs/2017arXiv170900440H},
  adsnote       = {Provided by the SAO/NASA Astrophysics Data System}
}
```
One way of designing an unconditionally-secure password manager:
http://webee.technion.ac.il/~hugo/rwc17.html
Slides: https://rwc.iacr.org/2017/Slides/hugo.krawczyk.pdf
Video: https://www.youtube.com/watch?v=px8hiyf81iM
FireEye gives the world GoCrack, a Dockerised hashcat implementation for sysadmins https://www.theregister.co.uk/2017/10/31/fireeye_simplifies_hashcat/
Subject: A Serious Game Design: Nudging Users' Memorability of Security Questions. (arXiv:1709.08167v1 [cs.CR])
http://arxiv.org/abs/1709.08167
Authors: Nicholas Micallef, Nalin Asanka Gamagedara Arachchilage

Security questions are one of the techniques used to recover passwords. The main limitation of security questions is that users find strong answers difficult to remember. This leads users to trade off security for the convenience of an improved memorability. Previous research found that increased fun and enjoyment can lead to an enhanced memorability, which provides a better learning experience. Hence, we empirically investigate whether a serious game has the potential of improving the memorability of strong answers to security questions. For our serious game, we adapted the popular "4 Pics 1 word" mobile game because of its use of pictures and cues, which psychology research found to be important to help with memorability. Our findings indicate that the proposed serious game could potentially improve the memorability of answers to security questions. This potential improvement in memorability could eventually help reduce the trade-off between usability and security in fall-back authentication.
Could semantic icons replace passwords and PINs? https://nakedsecurity.sophos.com/2018/07/18/could-semantic-icons-replace-passwords-and-pins/amp/