{"607565":{"#nid":"607565","#data":{"type":"news","title":"Georgia Tech Researchers Show Easy Ways to Create Secure Passwords  ","body":[{"value":"\u003Cp\u003EEight characters. One capital letter. A special character. A different password for each website. Remembering a new password is almost as challenging as creating one. Yet strong passwords are vitally important to keeping online information secure.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThis is why Georgia Tech researchers have developed a method for users to generate secure passwords in their head without having to memorize them.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EHuman computation is the study of algorithms people can complete in their head. Developing secure passwords through human computation was first presented in a 2015 paper by School of Computer Science (SCS) Professor\u003Cstrong\u003E \u003Ca href=\u0022https:\/\/www.scs.gatech.edu\/people\/11074\/santosh-vempalas\u0022\u003ESantosh Vempala\u003C\/a\u003E\u003C\/strong\u003E and Carnegie Mellon Professor \u003Cstrong\u003EManuel Blum\u003C\/strong\u003E. Their paper introduced humanly computable password strategies and gave theoretical measures and analysis of their security and human usability.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EBut \u003Cstrong\u003EAdam Kalai\u003C\/strong\u003E, principal researcher at Microsoft Research New England, and SCS Ph.D. student \u003Cstrong\u003E\u003Ca href=\u0022https:\/\/www.scs.gatech.edu\/content\/samira-samadi\u0022\u003ESamira Samadi\u003C\/a\u003E \u003C\/strong\u003Ewanted to find a way to test these strategies on real people and make them easy to learn.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;There was still a big gap between these ideas being out there and whether an internet user would actually be able to adopt them,\u0026rdquo; Samadi said. \u0026ldquo;My field is in theory and machine learning, and whatever I do, I want to see if there can be a real-world impact.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003ECreating a password strategy\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWith practicality in mind, Samadi worked with Kalai and Vempala to design a guide to help users through the process. The website presents three strategies users can try to craft passwords:\u003C\/p\u003E\r\n\r\n\u003Cul\u003E\r\n\t\u003Cli\u003E\r\n\t\u003Cp\u003ELetter Code Strategy: mapping letters to letters\u003C\/p\u003E\r\n\t\u003C\/li\u003E\r\n\t\u003Cli\u003E\r\n\t\u003Cp\u003EThree Word Strategy: using three random words\u003C\/p\u003E\r\n\t\u003C\/li\u003E\r\n\t\u003Cli\u003E\r\n\t\u003Cp\u003ECounting strategy: permuting five consonants and five vowels to generate words, and mapping these 10 letters to the 10 digits\u003C\/p\u003E\r\n\t\u003C\/li\u003E\r\n\u003C\/ul\u003E\r\n\r\n\u003Cp\u003EFor example, with the letter code strategy, a user would map the first 20 letters of the alphabet to 20 random consonants. Only using the first 20 letters is easier for memorization. If a website uses a letter from the last six letters (say Zillow), users can employ the \u0026ldquo;wildcard\u0026rdquo; letter of their choice.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ETo memorize this letter map, Samadi suggests coming up with words that use those two letters matched on their map. If the letters were \u0026ldquo;a\u0026rdquo; and\u0026rdquo; q,\u0026rdquo; users might think \u0026ldquo;aquarium.\u0026rdquo; Generating words for each combo will help users remember their map and then be able to come up with passwords quickly as needed.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ETo generate a password for a website, users take the name of the website and match it to their map. With Apple.com, a user would match each letter of the word \u0026ldquo;apple\u0026rdquo; to the corresponding letter on their map. If a password required a number or special character, users can append a fixed random combo, such as B7!.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIn the three-word strategy, the user selects and memorizes a sequence of three random words. These implicitly create a letter code. To find the code for a letter, locate its first occurrence in the three chosen words and find the next consonant, as seen in the diagram.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESamadi designed \u003Ca href=\u0022http:\/\/www.safepasswords.org\u0022\u003Ea website\u003C\/a\u003E where anyone can learn this and the other two password strategies via step-by-step instructions and informative videos. Coming up with a password strategy can take some effort for first-time users, but once they memorize a table or three words, they can generate passwords in seconds.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe researchers created a study to evaluate the usability and effectiveness of the step-by-step instructions provided. For the letter-code strategy, it took users 21 minutes to learn the strategy and memorize a complete random letter code (13 minutes for the three-word strategy). The study found that after some practice, users could generate completely new passwords in under 20 seconds each.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe research was presented in the paper\u003Cem\u003E \u003Ca href=\u0022https:\/\/arxiv.org\/pdf\/1712.03650.pdf\u0022\u003EUsability of Human Computable Passwords\u003C\/a\u003E\u003C\/em\u003E, coauthored with Kalai and Vempala, at HCOMP 2018, the \u003Ca href=\u0022https:\/\/www.humancomputation.com\/2018\/\u0022\u003EAAAI Conference on Human Computation and Crowdsourcing\u003C\/a\u003E in Zurich from July 5 to 8.\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Georgia Tech researchers present three human computation methods to create stronger passwords."}],"uid":"34541","created_gmt":"2018-07-09 13:37:59","changed_gmt":"2018-07-10 18:40:41","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2018-07-09T00:00:00-04:00","iso_date":"2018-07-09T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"607566":{"id":"607566","type":"image","title":"Password Strategy","body":null,"created":"1531143532","gmt_created":"2018-07-09 13:38:52","changed":"1531143532","gmt_changed":"2018-07-09 13:38:52","alt":"password flowchart","file":{"fid":"231756","name":"Screen Shot 2018-07-09 at 9.38.24 AM.png","image_path":"\/sites\/default\/files\/images\/Screen%20Shot%202018-07-09%20at%209.38.24%20AM.png","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/Screen%20Shot%202018-07-09%20at%209.38.24%20AM.png","mime":"image\/png","size":61967,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/Screen%20Shot%202018-07-09%20at%209.38.24%20AM.png?itok=duJIWVBX"}}},"media_ids":["607566"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["tess.malone@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}