Keyboard Based Password Generation Strategies


Ben Harsha and Jeremiah Blocki, Purdue University


A Human Computable Password Generation Scheme is a strategy which allows a user to quickly (re)generate multiple distinct passwords for different web sites by transforming a challenge (e.g., the name of a website like Google) into a password using a small set of secrets (e.g., words, person-action-object stories) that the user has memorized. The goal of these schemes is to help users develop increasingly secure and memorable passwords. The transformation should be simple enough that the user can execute it quickly in their head without assistance, and should produce distinct password for different web sites. In a Keyboard Based Password Generation Scheme the transformation is based on the location(s) of the letters in the challenge on the user’s keyboard. This potentially makes the transformation rules easier to learn and apply since we can safely assume that the user will always have a keyboard when (re)generating a password for authentication. We propose several new Keyboard Based Password Generation Schemes and conduct a longitudinal user study (400+ users over 50+ days) to evaluate the usability of each scheme.

    author = {Harsha, Ben and Blocki, Jeremiah},
    title = {{Keyboard Based Password Generation Strategies}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2019},
    series = {WAY~'19},
    pages = {1--6},
    address = {Santa Clara, California, USA},
    month = aug,
    publisher = {}
} % No publisher