Login | Register

Myphrase: Passwords from your Own Words


Myphrase: Passwords from your Own Words

Skillen, Adam and Mannan, Mohammad (2013) Myphrase: Passwords from your Own Words. Working Paper. Unpublished. (Unpublished)

[thumbnail of myphrase-tech_rpt.pdf]
Text (application/pdf)
myphrase-tech_rpt.pdf - Draft Version
Available under License Spectrum Terms of Access.


To improve manageability and strength of user-chosen passwords, we propose a multi-word password scheme called Myphrase. Contrary to the often-repeated but failed policy of banning common words as passwords, we encourage users to use words that are more personal to them—irrespective of the words being too common or esoteric. In Myphrase, a small dictionary is created from user-authored content such as sent emails and blogs. A master passphrase is constructed by randomly selecting words from the dictionary. We propose two variants as a trade-off between security and memorability; in random sequence, words are chosen uniformly across the dictionary, and in connected discourse, words are tagged using a part-of-speech engine and inserted appropriately into sentence templates. Words in the passphrase are expected to be easily recognizable to users and can be efficiently entered by leveraging the auto-suggest feature. Myphrase is designed to be compatible with both desktop and mobile platforms—a growing requirement for current authentication schemes. We create website-specific passwords from the master passphrase by salting the phrase with the site’s domain. To restrict offline attacks on the master passphrase from exposed site passwords, we require the passphrase to be of sufficient length (e.g., 6 words from a 1024-word dictionary, resulting in 60 bits of entropy in the random sequence variant). Entropy calculation for the connected discourse variant is less straightforward. We analyze Myphrase dictionaries and expected entropy of generated passphrases with two datasets: the Enron email corpus, and several popular books from Project Gutenberg. We also evaluate Myphrase using a recently proposed, slightly modified, framework of usability-deployability-security ratings, and seek feedback on our proof-of-concept prototypes available for both desktop and mobile platforms.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Monograph (Working Paper)
Authors:Skillen, Adam and Mannan, Mohammad
Institution:Concordia Institute for Information Systems Engineering
Date:24 January 2013
Keywords:passwords, multi-word passwords, mobile authentication
ID Code:976791
Deposited By: ADAM SKILLEN
Deposited On:25 Jan 2013 15:41
Last Modified:18 Jan 2018 17:43
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top