FastwordsMarkus Jakobsson

Ruj Akavipat

A Bit about Authentication

2

1 2 3 4 5

Short battery life

Slow Web connection

Lack of coverage

Poor voice quality

Small screen

size

Difficulty customizing

settings

Difficulty authenticating

Jakobsson/Akavipat: www.fastword.me

People hate passwords – especially on handsets

• Slow to enter … … and then you realize you mistyped something!

• At the same time, recall rates are low for passwords … and reset is difficult / insecure / expensive

• PINs are faster … … but not very secure … and reuse is rampant

Problems

Jakobsson/Akavipat: www.fastword.me

Q. Why are passwords more painful than text? A. Text uses auto-correction/completion!

Understanding usability issues

Jakobsson/Akavipat: www.fastword.me

Q. Why are (good) passwords hard to recall? A. Good passwords are weird!

(Ebbinghausen, 1885)

Understanding recall issues

Jakobsson/Akavipat: www.fastword.me

Not so secure, you say?Approx. 64k words only.

Auto correct works

frogfroffrofrffrof

A stab at a solution

Jakobsson/Akavipat: www.fastword.me

Auto correct works

frog flat work

Improved solution

Jakobsson/Akavipat: www.fastword.me

Looking at speed

Jakobsson/Akavipat: www.fastword.me

Average password

Average fastword

Looking at security

Jakobsson/Akavipat: www.fastword.me

EFFECTIVE RECALL: 0.36+(1-0.36)*0.48=0.67 …. 67%

Forgot fastword? Hint: first word

Jakobsson/Akavipat: www.fastword.me

Average fastword

Average password

Forgot fastword? Hint: first word

We can improve as basic things as passwords – if we ask “why”.

Jakobsson/Akavipat: www.fastword.me

Big-picture insight