SCS Undergraduate Thesis Topics
|Shikun Zhang||Manuel Blum||A Password Management Application with Provable Security and Minimal User Effort|
Passwords are used by millions of users everyday to protect their important online accounts. However, because of the increasing number of accounts and limited human memory, people tend to adopt unsafe practices including the usage of weak or identical passwords for various accounts. In order to solve this problem, we want to develop both secure and usable password management schemes, which are systematic strategies for a use to create and remember multiple passwords. Shared Cues, a password management scheme proposed by Blocki et al., makes use of natural rehearsals of passwords and mnemonic techniques to achieve provable strong security with minimal user effort. In their scheme, the user memorizes several vivid PersonActionObject stories, and uses subsets of the stories as passwords. The strategic sharing of PAO stories minimizes the number of stories that a user has to memorize, and also preserves security. Moreover, users can successfully maintain the memory of passwords by following a particular rehearsal schedule. The application which I am developing is an implementation of their scheme. Unlike other password managers, this application does not store any password or use any master password. It includes a memory game to facilitate with memorization of PAO stories, a reminder system to remind our users to rehearse stories that they have not practiced recently and a mechanism to help users recall stories if they forget. The web application is hosted on GitHub, and can also be used on mobile end utilizing cloud storage to allow synchronization across devices. For future work, we are planning to conduct user studies to gather feedback and advice on potential improvements to the application.