Password Alternatives Project
Passwords are like democracy -- the worst form of authentication, except for every other form of authentication that's been tried. My research group, starting in 2012 at UTA and continuing at RIT until 2021, studied something-you-know authentication and designed new password systems. The project was never externally funded, but we had some nice papers (CHIx2 including an Honorable Mention, IJHCS, ESORICS, SOUPSx2, and more). This page captures our efforts.
Key Contributions
The LOCIMOTION training system that teaches people to memorize 56-bit random passwords based on the method of loci and a simple typing game with chunking (CHI '21 Honorable Mention, USEC '17)
The CuedR graphical password scheme that introduced the idea of "cued recognition" -- using memory cues in a recognition-based scheme (CHI '15, ESORICS '15, SOUPS '15, USEC '17, WIPS '17, BIT)
Studies on how users manage passwords across systems (IJHCS, WHAT '14, CODASPY '13 Poster)
A deep dive on the usability of the GeoPass geographical authentication system (IwC, USEC '15)
Two studies on password construction on mobile devices, including the first application (that we know of) of psychometrics in the usable security field (SOUPS '14, SPSM '13)
Team Members
Sonali Marne
Co-PI: Shannon Amerilda Scielzo, PhD
Sovantharith (Max) Seng
PI: Matt Wright, PhD
Also: Rajesh Setty, Tauhidul Alam, & Mamoon Al-Rasheed
Publications
Top Papers
S M Taiabul Haque, Jayesh Doolani, Rajesh Setty, and Matthew Wright, “LociMotion: Towards Learning a Strong Authentication Secret in a Single Session,” Proc. ACM CHI, May 2021. Honourable Mention (top 5% of submissions).
Mahdi Nasrullah Al-Ameen, Shannon Scielzo, and Matthew Wright, “Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues,” Proc. ACM CHI, April 2015. Cited by 38. Video preview: https://youtu.be/MgaEPkIYQa8
Other Peer-Reviewed Papers
Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Shannon Scielzo, and Matthew Wright, “On Improving the Memorability of System-Assigned Recognition-Based Passwords,” Behaviour & Information Technology (accepted).
Sonali Marne, Mahdi Nasrullah Al-Ameen, and Matthew Wright, “Learning System-assigned Passwords: A Preliminary Study on the People with Learning Disabilities,” Proc. Workshop on Inclusive Privacy and Security (WIPS), July 2017.
S M Taiabul Haque, Mahdi Nasrullah Al-Ameen, Matthew Wright and Shannon Scielzo, “Learning system-assigned passwords (up to 56 bits) in a single registration session with the methods of cognitive psychology,” Proc. Usable Security Mini-Conference (USEC), Feb. 2017.
Sovantharith Seng, Sadia Ahmed, Mahdi Nasrullah Al-Ameen and Matthew Wright, “(Work in Progress) An Insight into the Authentication Performance and Security Perception of Older Users,” Proc. Usable Security Mini-Conference (USEC), Feb. 2017.
Mahdi N. Al-Ameen and Matthew Wright, “A Comprehensive Study of the GeoPass User Authentication Scheme,” Interacting with Computers (IwC), Vol. 29, No. 4, Nov. 2016.
Mahdi Nasrullah Al-Ameen, S M Taiabul Haque, and Matthew Wright, “Leveraging Autobiographical Memory for Two-Factor Online Authentication,” Information & Computer Security. Vol. 24, No. 4, Oct. 2016.
Mahdi Nasrullah Al-Ameen, Kanis Fatema, Sonali Marne, Sadia Ahmed, Sovantharith Seng, Matthew Wright, and Shannon Scielzo, “Towards Improving the Memorability of System-assigned Random Passwords,” Proc. Who Are You?! Adventures in Authentication (WAY), June 2016.
Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, and Shannon Scielzo, “Leveraging Real-Life Facts to Make Random Passwords More Memorable,” Proc. European Symposium on Research in Computer Security (ESORICS), Sep. 2015. Cited by 12.
Mahdi Nasrullah Al-Ameen, Kanis Fatema, Shannon Scielzo, and Matthew Wright, “The Impact of Cues and User Interaction on the Memorability of System-Assigned Recognition-Based Graphical Passwords,” Proc. Symposium on Usable Privacy and Security (SOUPS), July 2015. Cited by 10.
Mahdi Nasrullah Al-Ameen and Matthew Wright, “Multiple-Password Interference in the GeoPass User Authentication Scheme,” Proc. NDSS Workshop on Usable Security (USEC), February 2015. Cited by 14.
S M Taiabul Haque, Matthew Wright, and Shannon Scielzo, “Hierarchy of Users' Web Passwords: Perceptions, Practices and Susceptibilities,” International Journal of Human-Computer Studies (IJHCS) Vol. 72, No. 12, pp. 860-874, Dec. 2014. Cited by 35.
S M Taiabul Haque, Shannon Scielzo, and Matthew Wright, “Applying psychometrics to measure user comfort when constructing a strong password,” Proc. Symposium on Usable Privacy and Security (SOUPS), July 2014. Cited by 13.
S M Taiabul Haque, Tauhidul Alam, Mamoon Al-Rasheed, and Matthew Wright, “Password Construction and Management Strategies of the Online Users of Bangladesh: A Demographic Comparison with the Users of the First-World Countries,” Workshop on Human and Technology (WHAT), December 2013.
S M Taiabul Haque, Shannon Scielzo, and Matthew Wright, “Passwords and Interfaces: Towards Creating Stronger Passwords by Using Mobile Phone Handsets,” ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), November 2013. Cited by 17.
S M Taiabul Haque, Shannon Scielzo, and Matthew Wright, “A Study of User Password Strategy for Multiple Accounts,” Poster Session: ACM Conference on Data and Application Security and Privacy (CODASPY), February 2013. Cited by 48.
Tech Reports
Mahdi Nasrullah Al-Ameen, Shannon Scielzo, and Matthew Wright, “Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues,” arXiv: 1503.02314 [cs.HC], March 2015.
Mahdi Nasrullah Al-Ameen and Matthew Wright, “A Comprehensive Study of the GeoPass User Authentication System,” arXiv: 1408.2852 [cs.HC], August 2014. Cited by 11.
Mahdi Nasrullah Al-Ameen, S M Taiabul Haque, and Matthew Wright, “Q-A: Towards the Solution of Usability-Security Tension in User Authentication,” arXiv: 1407.7277 [cs.HC], July 2014.
Funding
Matthew Wright (PI) and others. “Sociotechnical Approaches to Cybersecurity,” RIT Signature Interdisciplinary Research Area (SIRA), $2.1M. June 2016 to June 2021. Took over as PI in Aug. 2016 from Bo Yuan.
Matthew Wright (PI) and Jinggao Wang, “Exploring Organizational Needs for Improved User Authentication Systems,” UT Arlington Interdisciplinary Research Program (IRP), $20,000. Aug. 2015 to July 2016.